www.herocosmetics.us Open in urlscan Pro
23.227.38.74 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://link.theskimm.com/click/27196228.2339958/aHR0cHM6Ly9za2ltbXRoLmlzLzN0UXpBV08/5f6a2b76e5684b7151211d5dBe2c42be1
Effective URL:
https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Submission: On March 31 via api (March 31st 2022, 12:38:16 am UTC) from US — Scanned from DE

Summary HTTP 189 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 62 IPs in 9 countries across 80 domains to perform 189 HTTP transactions. The main IP is 23.227.38.74, located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is www.herocosmetics.us. The Cisco Umbrella rank of the primary domain is 948636.
TLS certificate: Issued by R3 on March 2nd 2022. Valid for: 3 months.

This is the only time www.herocosmetics.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.226.166.212 3.226.166.212	14618 (AMAZON-AES) (AMAZON-AES)
1 1	67.199.248.12 67.199.248.12	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 5	23.227.38.74 23.227.38.74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	2a04:4e42:400... 2a04:4e42:400::268	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
6	104.16.255.71 104.16.255.71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:350... 2a02:26f0:3500:893::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	23.36.163.232 23.36.163.232	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:215... 2600:9000:2156:5800:f:8ce2:fb80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
2	2600:9000:231... 2600:9000:2315:1400:1c:9484:cec0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.64 143.204.98.64	16509 (AMAZON-02) (AMAZON-02)
1	34.120.58.162 34.120.58.162	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	23.227.38.33 23.227.38.33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.128.84 151.101.128.84	54113 (FASTLY) (FASTLY)
1	34.235.216.103 34.235.216.103	14618 (AMAZON-AES) (AMAZON-AES)
2	2a02:26f0:350... 2a02:26f0:3500:889::1d72	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:fb:... 2a02:26f0:fb:5a0::1d72	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	40.85.149.70 40.85.149.70	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2606:4700:20:... 2606:4700:20::681a:c9e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3030::6815:3d8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:215... 2600:9000:2156:1000:1:d5ae:c900:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.186.235.23 35.186.235.23	15169 (GOOGLE) (GOOGLE)
1	143.204.98.76 143.204.98.76	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1 7	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.157.5.251 108.157.5.251	16509 (AMAZON-02) (AMAZON-02)
1 33	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
3	104.16.53.111 104.16.53.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.229.233.223 192.229.233.223	15133 (EDGECAST) (EDGECAST)
3	54.195.39.4 54.195.39.4	16509 (AMAZON-02) (AMAZON-02)
1	18.158.155.73 18.158.155.73	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	143.204.98.104 143.204.98.104	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	143.204.98.102 143.204.98.102	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
4	20.96.88.162 20.96.88.162	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1 1	3.121.35.193 3.121.35.193	16509 (AMAZON-02) (AMAZON-02)
3 3	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.158.201.231 18.158.201.231	16509 (AMAZON-02) (AMAZON-02)
1 1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	3.121.45.11 3.121.45.11	16509 (AMAZON-02) (AMAZON-02)
2 2	52.52.42.174 52.52.42.174	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4200:fed4:35ed:3821:843c	14618 (AMAZON-AES) (AMAZON-AES)
1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	143.204.95.155 143.204.95.155	16509 (AMAZON-02) (AMAZON-02)
1	79.125.14.53 79.125.14.53	16509 (AMAZON-02) (AMAZON-02)
1	18.215.127.208 18.215.127.208	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.232.212.195 18.232.212.195	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	54.154.124.119 54.154.124.119	16509 (AMAZON-02) (AMAZON-02)
1 1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
2 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1 1	52.28.129.116 52.28.129.116	16509 (AMAZON-02) (AMAZON-02)
1 1	3.68.182.119 3.68.182.119	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1 1	3.93.204.138 3.93.204.138	14618 (AMAZON-AES) (AMAZON-AES)
2 2	108.157.4.15 108.157.4.15	16509 (AMAZON-02) (AMAZON-02)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1 1	45.79.180.191 45.79.180.191	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	2606:4700:20:... 2606:4700:20::681a:54f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.241.51 35.186.241.51	() ()
189	62

1 3.226.166.212 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-166-212.compute-1.amazonaws.com

link.theskimm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.12 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: cname.bitly.com

skimmth.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.227.38.74 (Ottawa, Canada) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.herocosmetics.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a04:4e42:400::268 (United States)

ASN54113 (FASTLY, US)

cdn.shopify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::15 (United States)

ASN15169 (GOOGLE, US)

ssapi.herocosmetics.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.255.71 (None, )

ASN13335 (CLOUDFLARENET, US)

monorail-edge.shopifysvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:893::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.36.163.232 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-232.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5800:f:8ce2:fb80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.dwin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

static.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-tracking.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2315:1400:1c:9484:cec0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.attn.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-64.fra50.r.cloudfront.net

static.myshlf.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.58.162 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 162.58.120.34.bc.googleusercontent.com

shopify-gtm-suite.getelevar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.227.38.33 (Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: checkout.shopify.com

shop.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)

ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.128.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.235.216.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-216-103.compute-1.amazonaws.com

app.swellrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:889::1d72 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

staticw2.yotpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb:5a0::1d72 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn-loyalty.yotpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.85.149.70 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bingshoppingtool-t2app-prod.trafficmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:c9e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

live.bb.eight-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:3d8b (United States)

ASN13335 (CLOUDFLARENET, US)

app.backinstock.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:1000:1:d5ae:c900:21 (United States)

ASN16509 (AMAZON-02, US)

d275fvz7g8rvo.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.235.23 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 23.235.186.35.bc.googleusercontent.com

cdn4.mxpnl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-76.fra50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.5.251 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-5-251.dus51.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)

herocosmetics.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.233.223 (United States)

ASN15133 (EDGECAST, US)

cdn-swell-assets.yotpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.195.39.4 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-195-39-4.eu-west-1.compute.amazonaws.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.155.73 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-155-73.eu-central-1.compute.amazonaws.com

p.yotpo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-104.fra50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.226.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-102.fra50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.96.88.162 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

k.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.35.193 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-35-193.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.21.141.232 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.201.231 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-201-231.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.45.11 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-45-11.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.52.42.174 (San Jose, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-42-174.us-west-1.compute.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:fed4:35ed:3821:843c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

amazon.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:db6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.95.155 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-155.fra50.r.cloudfront.net

www.imdb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.125.14.53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-14-53.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.215.127.208 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-127-208.compute-1.amazonaws.com

usersync.samplicio.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.232.212.195 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-232-212-195.compute-1.amazonaws.com

ads.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.124.119 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-124-119.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.239 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.129.116 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-129-116.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.68.182.119 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-182-119.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.93.204.138 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-204-138.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.157.4.15 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-15.dus51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 2 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.53 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.180.191 (Cedar Knolls, United States) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: lciapi-ewr-16.ninthdecimal.com

lciapi.ninthdecimal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.132 (United States) 1 redirects

ASN54113 (FASTLY, US)

pi.ispot.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands) 1 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:54f (United States)

ASN13335 (CLOUDFLARENET, US)

cld.accentuate.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.241.51 (None, )

ASN- ()

api-js.mixpanel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	shopify.com cdn.shopify.com — Cisco Umbrella Rank: 2282	844 KB
33	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 278	25 KB
11	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 2153 ekr.zdassets.com — Cisco Umbrella Rank: 2392	502 KB
7	clarity.ms 1 redirects k.clarity.ms — Cisco Umbrella Rank: 2080 c.clarity.ms — Cisco Umbrella Rank: 644	24 KB
7	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 390 c.bing.com — Cisco Umbrella Rank: 230	25 KB
6	yotpo.com staticw2.yotpo.com — Cisco Umbrella Rank: 6794 cdn-loyalty.yotpo.com — Cisco Umbrella Rank: 15630 cdn-swell-assets.yotpo.com — Cisco Umbrella Rank: 14465 p.yotpo.com — Cisco Umbrella Rank: 6270	501 KB
6	shopifysvc.com monorail-edge.shopifysvc.com — Cisco Umbrella Rank: 2922	3 KB
6	herocosmetics.us 1 redirects www.herocosmetics.us — Cisco Umbrella Rank: 948636 ssapi.herocosmetics.us	148 KB
5	klaviyo.com static.klaviyo.com — Cisco Umbrella Rank: 3898 static-tracking.klaviyo.com — Cisco Umbrella Rank: 4340	31 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 1203	71 KB
4	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 287 cms.analytics.yahoo.com — Cisco Umbrella Rank: 899	959 B
4	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	20 KB
4	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 772	39 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	2 KB
3	pubmatic.com 3 redirects image2.pubmatic.com — Cisco Umbrella Rank: 882 image6.pubmatic.com — Cisco Umbrella Rank: 610	1 KB
3	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 536	3 KB
3	snapchat.com tr.snapchat.com — Cisco Umbrella Rank: 990	760 B
3	iesnare.com mpsnare.iesnare.com — Cisco Umbrella Rank: 5682	22 KB
3	zendesk.com herocosmetics.zendesk.com	2 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 624 script.hotjar.com — Cisco Umbrella Rank: 958 vars.hotjar.com — Cisco Umbrella Rank: 1008	66 KB
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 848	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	2 KB
2	semasio.net 2 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1189	1 KB
2	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 132	736 B
2	serving-sys.com 2 redirects bs.serving-sys.com — Cisco Umbrella Rank: 1151 lm.serving-sys.com — Cisco Umbrella Rank: 2034	779 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 515	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 571	996 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 348 token.rubiconproject.com — Cisco Umbrella Rank: 669	674 B
2	krxd.net 1 redirects beacon.krxd.net — Cisco Umbrella Rank: 428 usermatch.krxd.net — Cisco Umbrella Rank: 1229	496 B
2	myvisualiq.net 2 redirects t.myvisualiq.net — Cisco Umbrella Rank: 1530	1 KB
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 350	657 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5640	655 B
2	google.com www.google.com — Cisco Umbrella Rank: 7	655 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 99	388 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 136	114 KB
2	eight-cdn.com 1 redirects live.bb.eight-cdn.com — Cisco Umbrella Rank: 63101	3 KB
2	attn.tv cdn.attn.tv — Cisco Umbrella Rank: 4718	750 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 229	24 KB
1	mixpanel.com api-js.mixpanel.com	374 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 694	7 KB
1	accentuate.io cld.accentuate.io — Cisco Umbrella Rank: 59300	4 KB
1	taboola.com 1 redirects sync.taboola.com — Cisco Umbrella Rank: 963	168 B
1	ispot.tv 1 redirects pi.ispot.tv — Cisco Umbrella Rank: 2558	343 B
1	ninthdecimal.com 1 redirects lciapi.ninthdecimal.com — Cisco Umbrella Rank: 3746	612 B
1	exelator.com loadus.exelator.com — Cisco Umbrella Rank: 1216	324 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 399	305 B
1	mookie1.com 1 redirects odr.mookie1.com — Cisco Umbrella Rank: 906	602 B
1	samba.tv 1 redirects ads.samba.tv — Cisco Umbrella Rank: 5817	292 B
1	samplicio.us usersync.samplicio.us — Cisco Umbrella Rank: 3111	263 B
1	imdb.com 1 redirects www.imdb.com — Cisco Umbrella Rank: 2636	913 B
1	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 668	764 B
1	zeotap.com 1 redirects mwzeom.zeotap.com — Cisco Umbrella Rank: 1548	391 B
1	tremorhub.com amazon.partners.tremorhub.com — Cisco Umbrella Rank: 5877	183 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 449	672 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 434	336 B
1	t.co t.co — Cisco Umbrella Rank: 463	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 518	457 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1608	157 B
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 1187	7 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 622	6 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1438	8 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 105	15 KB
1	mxpnl.com cdn4.mxpnl.com — Cisco Umbrella Rank: 11062	18 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	65 KB
1	cloudfront.net d275fvz7g8rvo.cloudfront.net	3 KB
1	backinstock.org app.backinstock.org — Cisco Umbrella Rank: 12846	18 KB
1	trafficmanager.net bingshoppingtool-t2app-prod.trafficmanager.net — Cisco Umbrella Rank: 40508	817 B
1	swellrewards.com app.swellrewards.com — Cisco Umbrella Rank: 415556	4 KB
1	shop.app shop.app — Cisco Umbrella Rank: 5727	1 KB
1	getelevar.com shopify-gtm-suite.getelevar.com — Cisco Umbrella Rank: 26492	34 KB
1	myshlf.us static.myshlf.us — Cisco Umbrella Rank: 138365	1 KB
1	dwin1.com www.dwin1.com — Cisco Umbrella Rank: 4576	8 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 896	39 KB
1	skimmth.is 1 redirects skimmth.is — Cisco Umbrella Rank: 264392	335 B
1	theskimm.com 1 redirects link.theskimm.com — Cisco Umbrella Rank: 134006	543 B
0	survata.com Failed px.surveywall-api.survata.com Failed
0	geoip-db.com Failed geoip-db.com Failed
189	80

	Domain	Requested by
37	cdn.shopify.com	www.herocosmetics.us cdn.shopify.com
33	s.amazon-adsystem.com	1 redirects www.herocosmetics.us s.amazon-adsystem.com
10	static.zdassets.com	cdn.shopify.com static.zdassets.com
6	bat.bing.com	ssapi.herocosmetics.us bat.bing.com bingshoppingtool-t2app-prod.trafficmanager.net
6	monorail-edge.shopifysvc.com	cdn.shopify.com
5	analytics.tiktok.com	cdn.shopify.com analytics.tiktok.com
5	www.herocosmetics.us	1 redirects cdn.shopify.com
4	k.clarity.ms	bat.bing.com cdn.shopify.com
4	www.google-analytics.com	ssapi.herocosmetics.us cdn.shopify.com www.googletagmanager.com
4	s.pinimg.com	cdn.shopify.com s.pinimg.com ssapi.herocosmetics.us
3	fonts.googleapis.com	staticw2.yotpo.com cdn-swell-assets.yotpo.com
3	ups.analytics.yahoo.com	3 redirects
3	c.clarity.ms	1 redirects bat.bing.com
3	tr.snapchat.com	cdn.shopify.com
3	mpsnare.iesnare.com	staticw2.yotpo.com mpsnare.iesnare.com
3	herocosmetics.zendesk.com	static.zdassets.com
3	ct.pinterest.com	cdn.shopify.com www.herocosmetics.us
3	static.klaviyo.com	www.herocosmetics.us static.klaviyo.com
2	image6.pubmatic.com	2 redirects
2	ib.adnxs.com	2 redirects
2	uipglob.semasio.net	2 redirects
2	sb.scorecardresearch.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	c1.adform.net	2 redirects
2	dpm.demdex.net	2 redirects
2	t.myvisualiq.net	2 redirects
2	pixel.advertising.com	2 redirects
2	x.bidswitch.net	2 redirects
2	dsum-sec.casalemedia.com	2 redirects
2	www.google.de
2	www.google.com
2	www.facebook.com
2	cdn-swell-assets.yotpo.com	cdn-loyalty.yotpo.com cdn-swell-assets.yotpo.com
2	connect.facebook.net	www.herocosmetics.us connect.facebook.net
2	live.bb.eight-cdn.com	1 redirects
2	staticw2.yotpo.com	www.herocosmetics.us staticw2.yotpo.com
2	static-tracking.klaviyo.com	static.klaviyo.com
2	cdn.attn.tv	www.herocosmetics.us ssapi.herocosmetics.us
2	cdnjs.cloudflare.com	www.herocosmetics.us
1	api-js.mixpanel.com	cdn.shopify.com
1	maxcdn.bootstrapcdn.com	cdn-swell-assets.yotpo.com
1	cld.accentuate.io
1	sync.taboola.com	1 redirects
1	pi.ispot.tv	1 redirects
1	lciapi.ninthdecimal.com	1 redirects
1	loadus.exelator.com	s.amazon-adsystem.com
1	token.rubiconproject.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	us-u.openx.net	s.amazon-adsystem.com
1	usermatch.krxd.net	1 redirects
1	lm.serving-sys.com	1 redirects
1	bs.serving-sys.com	1 redirects
1	odr.mookie1.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	ads.samba.tv	1 redirects
1	usersync.samplicio.us	s.amazon-adsystem.com
1	beacon.krxd.net	s.amazon-adsystem.com
1	www.imdb.com	1 redirects
1	ads.stickyadstv.com	1 redirects
1	mwzeom.zeotap.com	1 redirects
1	cms.analytics.yahoo.com	s.amazon-adsystem.com
1	amazon.partners.tremorhub.com	s.amazon-adsystem.com
1	tags.bluekai.com	1 redirects
1	aa.agkn.com	1 redirects
1	c.bing.com	1 redirects
1	stats.g.doubleclick.net	cdn.shopify.com
1	vars.hotjar.com	static.hotjar.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	script.hotjar.com	static.hotjar.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	alb.reddit.com
1	p.yotpo.com
1	sc-static.net	www.herocosmetics.us
1	static.ads-twitter.com	ssapi.herocosmetics.us
1	www.redditstatic.com	ssapi.herocosmetics.us
1	www.googleadservices.com	ssapi.herocosmetics.us
1	static.hotjar.com	ssapi.herocosmetics.us
1	cdn4.mxpnl.com	www.herocosmetics.us
1	www.googletagmanager.com	ssapi.herocosmetics.us
1	d275fvz7g8rvo.cloudfront.net	www.herocosmetics.us
1	app.backinstock.org	www.herocosmetics.us
1	bingshoppingtool-t2app-prod.trafficmanager.net	www.herocosmetics.us
1	cdn-loyalty.yotpo.com	www.herocosmetics.us
1	app.swellrewards.com	cdn.shopify.com
1	ekr.zdassets.com	cdn.shopify.com
1	shop.app	cdn.shopify.com
1	shopify-gtm-suite.getelevar.com	www.herocosmetics.us
1	static.myshlf.us	www.herocosmetics.us
1	www.dwin1.com	www.herocosmetics.us
1	unpkg.com	www.herocosmetics.us
1	ssapi.herocosmetics.us	www.herocosmetics.us
1	skimmth.is	1 redirects
1	link.theskimm.com	1 redirects
0	px.surveywall-api.survata.com Failed	s.amazon-adsystem.com
0	geoip-db.com Failed	cdn.shopify.com
189	98

This site contains links to these domains. Also see Links.

Domain
heroskinsquad.socialmedialink.com
support.herocosmetics.us
www.instagram.com
www.facebook.com
twitter.com
www.youtube.com
www.tiktok.com

Subject Issuer	Validity	Valid
www.herocosmetics.us R3	`2022-03-02` - `2022-05-31`	3 months	crt.sh
cdn.shopify.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-20` - `2022-05-22`	a year	crt.sh
ssapi.herocosmetics.us GTS CA 1D4	`2022-03-23` - `2022-06-21`	3 months	crt.sh
monorail-edge.shopifysvc.com R3	`2022-01-31` - `2022-05-01`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.tiktok.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-13` - `2023-01-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.dwin1.com Amazon	`2021-11-19` - `2022-12-17`	a year	crt.sh
static.klaviyo.com R3	`2022-03-24` - `2022-06-22`	3 months	crt.sh
*.attn.tv Amazon	`2021-03-08` - `2022-04-06`	a year	crt.sh
static.myshlf.us Amazon	`2021-10-10` - `2022-11-08`	a year	crt.sh
shopify-gtm-suite.getelevar.com GTS CA 1D4	`2022-02-09` - `2022-05-10`	3 months	crt.sh
shop.app R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
static-tracking.klaviyo.com R3	`2022-01-31` - `2022-05-01`	3 months	crt.sh
ssl1036557.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.swellrewards.com Amazon	`2021-07-23` - `2022-08-21`	a year	crt.sh
*.yotpo.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-02`	a year	crt.sh
bingshoppingtool-t2app-prod.trafficmanager.net Microsoft RSA TLS CA 01	`2021-11-01` - `2022-11-01`	a year	crt.sh
backinstock.org Cloudflare Inc ECC CA-3	`2021-05-31` - `2022-05-30`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-07` - `2022-04-07`	3 months	crt.sh
*.mxpnl.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-07-15` - `2022-07-28`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
herocosmetics.zendesk.com Cloudflare Inc ECC CA-3	`2021-06-30` - `2022-06-29`	a year	crt.sh
mpsnare.iesnare.com DigiCert SHA2 Extended Validation Server CA	`2021-04-27` - `2022-05-24`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
tr.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-13` - `2023-01-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
c.msn.com Microsoft Azure TLS Issuing CA 01	`2022-02-08` - `2023-02-03`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.samplicio.us Amazon	`2022-03-18` - `2023-04-16`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.mixpanel.com GeoTrust RSA CA 2018	`2020-04-20` - `2022-04-21`	2 years	crt.sh

This page contains 8 frames:

Primary Page: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Frame ID: FD3D7A6CCBB004F56F0496F537A181F7
Requests: 132 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js
Frame ID: B447406098EF529446B27EA7CF924A4B
Requests: 12 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t
Frame ID: 33619B6DFE9AE1C0E96438AD694C5F19
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 77B49FCA26F3B73CE44A8788475C33CC
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=0470dae7-028b-4609-a07a-65a3ee776aed
Frame ID: 2D33834DC15F09F56948CE91114BA24F
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: 9B59ACD389B8309EFC6E6C7BA1F969AA
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Frame ID: FEC641955C1401FC6C35A0152AB6029D
Requests: 38 HTTP requests in this frame

Frame: https://cdn-swell-assets.yotpo.com/bootstrap.min.css
Frame ID: E7F7FE6561525A3D9129A99747830B99
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

theSkimm | Hero Cosmetics

Page URL History Show full URLs

https://link.theskimm.com/click/27196228.2339958/aHR0cHM6Ly9za2ltbXRoLmlzLzN0UXpBV08/5f6a2b76e5684b715... HTTP 302
https://skimmth.is/3tQzAWO HTTP 301
https://www.herocosmetics.us/discount/MARSKIMM?redirect=/pages/theskimm?&utm_source=partnership&utm_mediu... HTTP 302
https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_cam... Page URL

Detected technologies

Shopify (Ecommerce) Expand

Overall confidence: 25%
Detected patterns

<link[^>]+=['"]//cdn\.shopify\.com

Apple Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

<script id="apple-pay

AWIN (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

dwin1\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Klaviyo (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

klaviyo\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

189
Requests

82 %
HTTPS

29 %
IPv6

80
Domains

98
Subdomains

62
IPs

9
Countries

2708 kB
Transfer

8269 kB
Size

101
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://heroskinsquad.socialmedialink.com/members/sign_in?utm_source=community&utm_medium=skinsquad&utm_campaign=invite#/
Title: Join Skin Squad

Search URL Search Domain Scan URL

URL: https://support.herocosmetics.us/hc/en-us
Title: FAQ

Search URL Search Domain Scan URL

URL: https://support.herocosmetics.us/hc/en-us/requests/new
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.instagram.com/herocosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/herocosmetics/

Search URL Search Domain Scan URL

URL: https://twitter.com/herocosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC0wZCPILuEVZaTPCUutXPag

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@herocosmetics

Search URL Search Domain Scan URL

URL: https://support.herocosmetics.us/
Title: FAQ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://link.theskimm.com/click/27196228.2339958/aHR0cHM6Ly9za2ltbXRoLmlzLzN0UXpBV08/5f6a2b76e5684b7151211d5dBe2c42be1 HTTP 302
https://skimmth.is/3tQzAWO HTTP 301
https://www.herocosmetics.us/discount/MARSKIMM?redirect=/pages/theskimm?&utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm HTTP 302
https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://live.bb.eight-cdn.com/script.js?shop=tbate.myshopify.com HTTP 302
https://live.bb.eight-cdn.com/static/script-29cd8c3234213624fdaf.js

Request Chain 91

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170 HTTP 302
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t

Request Chain 119

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&RedC=c.clarity.ms&MXFR=00A30083664F6E510C3C11FB624F60B1 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&MUID=13BDA66E9C8369CB3B22B7169D516890

Request Chain 140

https://aa.agkn.com/adscores/g.pixel?sid=9212284268 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=164990604107000003875&ex=neustar.biz

Request Chain 141

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=W_vEmG1GTcymV2cEPsmFrw&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=W_vEmG1GTcymV2cEPsmFrw&C=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YkT38cExnBSrHk2zgrn14AAA

Request Chain 142

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=9e54b172cb520c637360b378db13ad4c

Request Chain 143

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

Request Chain 144

https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=9HSSs0voQ8uM9HQsDFRdAQ HTTP 302
https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=9HSSs0voQ8uM9HQsDFRdAQ&verify=true HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=9HSSs0voQ8uM9HQsDFRdAQ

Request Chain 145

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1 HTTP 302
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UPd6f1f843-b08a-11ec-a38f-0214991a90ae HTTP 302
https://s.amazon-adsystem.com/ecm3?id=c667fe67a803bd9ef3ab228a425e7eec84c61a8c&ex=aoldisplay.com

Request Chain 146

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a505c512-63f1-4c24-a1e5-e627c5d5c8cf

Request Chain 150

https://mwzeom.zeotap.com/mw?zpartnerid=1353&zurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%7BZCOOKIE%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=f6e0b0a4-c290-435f-5150-6b11cf384239

Request Chain 151

https://ads.stickyadstv.com/user-matching?id=2545 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=de71ba2d8d47be46df738663464fd62b&ex=freewheel.tv&gdpr=0&gdpr_consent=

Request Chain 152

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com HTTP 302
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Request Chain 155

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f2493c1f049c6002

Request Chain 156

https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=LcW0gP2rRJef7Jucrv0mYQ&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=LcW0gP2rRJef7Jucrv0mYQ

Request Chain 157

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=NzhI7h3KQiC0UcQFd2bWVg&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=139200&dpuuid=NzhI7h3KQiC0UcQFd2bWVg&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=52064747112953455062459007380188991176

Request Chain 158

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=PloN6YSJTTKInla9qxt_DA HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10812368650802890455&gdpr=&gdpr_consent=

Request Chain 160

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=436864407133840478

Request Chain 161

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=d74d52df-b08a-11ec-8440-1974e5cf0106 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=d74d5298-b08a-11ec-8440-1974e5cf0106

Request Chain 162

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D HTTP 302
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%22ca381b52-ff8c-475b-a7fe-9b5965da653d%22,%22Time%22:%2220220331T003810.620317%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%] HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=ca381b52-ff8c-475b-a7fe-9b5965da653d

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEO_GOFHF8yRX9ofTrJBXvCM&google_cver=1

Request Chain 164

https://usermatch.krxd.net/um/v2?partner=amzn HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=krux.com&id=Ov9sW-lV

Request Chain 165

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=b7742671dc18d74e4f568382183d7137

Request Chain 167

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__ HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=index&id=KxbAwZEF1mzbTA6H-9yb1Tc4dMQ4ZgIC

Request Chain 168

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=466D2E0FEBC279C6

Request Chain 169

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=5797196673162993913&ex=appnexus.com

Request Chain 170

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzgmdGw9MTI5NjAw&piggybackCookie=_fpD-nKIQFCfO5PUZSTdhw&rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DpubmaticHMT%26id%3D%24%7BDSP_UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=_fpD-nKIQFCfO5PUZSTdhw

Request Chain 171

https://token.rubiconproject.com/token?pid=2179&pt=n HTTP 302
https://s.amazon-adsystem.com/ecm3?id=4kh3lxYAmykurrKJ6Q8JNsWWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=bNjF4LnqRpCZs-aqXJQLAw& HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Request Chain 174

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DF3F744621507A5830217EF0F

Request Chain 175

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=eda0a5f4d707bd082ed0503baa29eb8ccb26f54fb728496b7064187730b5ef8c

Request Chain 176

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=43C48F2B-B73E-45DC-8C6D-7F17FA80C4FA

Request Chain 177

https://sync.taboola.com/sg/amazon-a9-network/1/rtb HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e44b11b8-6f29-4a3f-a0e7-7ace0b9023d0-tuct93e7d72

189 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request theskimm Show response
www.herocosmetics.us/pages/
Redirect Chain

https://link.theskimm.com/click/27196228.2339958/aHR0cHM6Ly9za2ltbXRoLmlzLzN0UXpBV08/5f6a2b76e5684b7151211d5dBe2c42be1
https://skimmth.is/3tQzAWO
https://www.herocosmetics.us/discount/MARSKIMM?redirect=/pages/theskimm?&utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

180 KB
33 KB

436ms
435ms

Document
text/html

23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ced444f42b5fd805b5d0bd1406846dd2e7bcef42003b9833fcb2173d55d3af8e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6f45053b2af15bf5-FRA
content-encoding: br
content-language: en-DE
content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
content-type: text/html; charset=utf-8
date: Thu, 31 Mar 2022 00:38:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link: <https://cdn.shopify.com>; rel=preconnect, <https://cdn.shopify.com>; rel=preconnect; crossorigin
server: cloudflare
strict-transport-security: max-age=7889238
vary: Accept
x-alternate-cache-key: cacheable:2f672303e2b4583fdd961b88f20a773f
x-cache: miss
x-content-type-options: nosniff
x-dc: gcp-europe-west1,gcp-us-east1,gcp-us-east1
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: a9e5a588-74d5-41fe-b2b0-5b60299e0161
x-shardid: 41
x-shopid: 21814481
x-shopify-stage: production
x-sorting-hat-podid: 41
x-sorting-hat-shopid: 21814481
x-storefront-renderer-rendered: 1
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6f45053919245bf5-FRA
content-language: en-DE
content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=store_code&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fdiscounts&source%5Bsection%5D=storefront&source%5Buuid%5D=08ad7218-7605-43f6-af04-8c9b80e52de4
content-type: text/html; charset=utf-8
date: Thu, 31 Mar 2022 00:38:07 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
server: cloudflare
strict-transport-security: max-age=7889238
x-content-type-options: nosniff
x-dc: gcp-europe-west1,gcp-us-east1,gcp-us-east1
x-download-options: noopen
x-liquid-rendered-at: 2022-03-31T00:38:07.765802052Z
x-permitted-cross-domain-policies: none
x-request-id: 08ad7218-7605-43f6-af04-8c9b80e52de4
x-robots-tag: noindex, nofollow
x-shardid: 41
x-shopid: 21814481
x-shopify-generated-cart-token: 9549d3131224ab7aea65fc36502d68cc
x-shopify-stage: production
x-sorting-hat-podid: 41
x-sorting-hat-shopid: 21814481
x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=store_code&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fdiscounts&source%5Bsection%5D=storefront&source%5Buuid%5D=08ad7218-7605-43f6-af04-8c9b80e52de4

GET
H2 200 load_feature-8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 10 KB
3 KB 46ms
6ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.141,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 2801
x-xss-protection: 1; mode=block
x-request-id: d34b425e947dccf59d533bbf705ef4ac
x-served-by: cache-lga21927-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.360246,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392.js>; rel="canonical"
x-cache-hits: 364393, 155179

GET
H2 200 storefront-b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/ 49 KB
17 KB 47ms
7ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8.js?v=20210208

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.140,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 17403
x-xss-protection: 1; mode=block
x-request-id: d24f68e00ad2c387919512c88e2154be
x-served-by: cache-lga13625-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.360315,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8.js>; rel="canonical"
x-cache-hits: 1, 72210

GET
H2 200 features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/storefront/ 37 KB
12 KB 7ms
6ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.196,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 12298
x-xss-protection: 1; mode=block
x-request-id: fd7577181f319dfc433e9e043aa535e6
x-served-by: cache-lga21970-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.380608,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js>; rel="canonical"
x-cache-hits: 445331, 147633

GET
H2 404 FuturaPT-Heavy.woff2
cdn.shopify.com/s/files/1/2181/4481/t/34/assets/ 0
0 137ms
97ms Font
text/html 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/34/assets/FuturaPT-Heavy.woff2

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, MISS
server-timing: cdn;dur=0.515,cdnPop;desc=LGA,cdnCache;desc=HIT-CLUSTER, cdn;dur=85.027,cdnPop;desc=HHN,cdnCache;desc=MISS-CLUSTER,cdnOriginTTFB;dur=84.078,cdnOriginTTLB;dur=84.905
content-length: 2770
x-xss-protection: 1; mode=block
x-request-id: 8120b86491c6af33e91183e03f6f5d74
x-served-by: cache-lga21926-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.360187,VS0,VE85
date: Thu, 31 Mar 2022 00:38:08 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 0

GET
H2 200 landing-fw-2021.css
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 215 KB
25 KB 47ms
8ms Stylesheet
text/css 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

82a3ebb0e6b05eeb178b05ed29d9c63aa3b76bd55c458d20b55367366fa85a48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.042,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 25211
x-xss-protection: 1; mode=block
x-request-id: bc67ac897455b2c49273723a24e8f269
x-served-by: cache-lga21960-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.360215,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 gtm.js Show response
ssapi.herocosmetics.us/ 328 KB
109 KB 296ms
195ms Script
application/javascript 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: b352dfc31629c483aaa45c0d13786096eb0991c8955fd268e33cbe32f13e01c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 00:00:00 GMT
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: b4532bc445c9e7b3a738e8ce17ed1d9e
cache-control: private, max-age=450
content-length: 111191
expires: Thu, 31 Mar 2022 00:44:04 GMT

GET
H2 200 trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js Show response
cdn.shopify.com/s/ 79 KB
17 KB 8ms
7ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

7594b5b004d92a957618cf442dab030acf7c392de49cbac3e969f06c0498a376

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.179,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 16608
x-xss-protection: 1; mode=block
x-request-id: ed2312648364dc101e5bf4371e79a0da
x-served-by: cache-lga21966-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.381023,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js>; rel="canonical"
x-cache-hits: 3, 42876

GET
H2 200 shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/ 8 KB
3 KB 8ms
8ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.156,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 2560
x-xss-protection: 1; mode=block
x-request-id: 1eb88e98fda0736f43b081080bd1971e
x-served-by: cache-lga21963-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.381074,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js>; rel="canonical"
x-cache-hits: 43036, 221330

GET
H2 200 FuturaPT-Book.woff2
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 40 KB
41 KB 8ms
8ms Font
font/woff2 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Book.woff2

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

9102e7d07194ef0d231630e5acb69d75f2e44f6c48610aa0f8330fbb6fa2794b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.005,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 41248
x-xss-protection: 1; mode=block
x-request-id: 1a1ca1eef5cbeb3437865c4813071a16
x-served-by: cache-lga21922-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.381963,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Book.woff2>; rel="canonical"
x-cache-hits: 1, 1

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
301 B 171ms
127ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-east1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: 4691fa36-5028-407f-b331-5b408d87e1cb
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSJdhOqiDsCJy766nZ076JKMg%2BUgcmhWEU%2FyS1%2B3VB%2Fwys6nHY4kWclmiLPd9udIHtRfKyderxz8AcHLKbT5HpZVrqDQ%2Bo1ePuOwAKVyGNHlTnV12Q41edItyj%2BUQWpFwqKFoqxEyYb4LCivuVs%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45053ecd01924a-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

GET
H2 200 icon-close.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 538 B
934 B 9ms
7ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-close.svg?v=8812735099044301167

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

dc131657068707ac57506e3053ea092a346e7364ec91bc922b4f78921e73a9e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 538
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.625,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 238
x-xss-protection: 1; mode=block
x-request-id: 47587f944a1d9c2e27c6b61a051fd6ca
x-served-by: cache-lga21948-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.409159,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-close.svg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 Shop_All_cf0a151a-ca4a-4d19-a48c-82a81074ae09.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 82 KB
82 KB 20ms
18ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Shop_All_cf0a151a-ca4a-4d19-a48c-82a81074ae09.jpg?v=1619114435

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

c4903cceaa5a514cfd8175be52f5fb06be0fd7b4a6166c33b905e168313da339

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 84146
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.611,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 84146
x-xss-protection: 1; mode=block
x-request-id: c1871c12d989911ee4b1228340cce076
x-served-by: cache-lga21948-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.410642,VS0,VE2
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Shop_All_cf0a151a-ca4a-4d19-a48c-82a81074ae09.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 Blemish_Pastches.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 43 KB
43 KB 26ms
24ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Blemish_Pastches.jpg?v=1619114435

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

0132fa782db515ae10b5709fba1b755851d22ec063d3f21fe62226b04b2021e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 43682
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.823,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 43682
x-xss-protection: 1; mode=block
x-request-id: 9d290158bfeaab02f55b443e52feb009
x-served-by: cache-lga21955-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.410641,VS0,VE2
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Blemish_Pastches.jpg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 Post_blemish.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 51 KB
51 KB 10ms
8ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Post_blemish.jpg?v=1619114435

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

c338a9a0c715aed85cfaab33d62a85b181504af3c74403d7847c24ae9a1662da

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.988,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 51816
x-xss-protection: 1; mode=block
x-request-id: 547e449b6dbc9c405a5730aa1effdc53
x-served-by: cache-lga13622-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.410906,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Post_blemish.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 Daily_Care_267c8d81-81cc-4a3a-91c6-41c197c3733e.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 48 KB
49 KB 20ms
18ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Daily_Care_267c8d81-81cc-4a3a-91c6-41c197c3733e.jpg?v=1619114435

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

50bb211c6c8a9f2f74ffa220dfcb6365fdda28ca6544da1671e3e1657d50b27f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.386,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 49398
x-xss-protection: 1; mode=block
x-request-id: 006825dc295d42e1a2f8e217739b0213
x-served-by: cache-lga21969-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.410967,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Daily_Care_267c8d81-81cc-4a3a-91c6-41c197c3733e.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 icon-chev-right.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 408 B
489 B 9ms
8ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-chev-right.svg?v=2731603306874830471

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

dbe74252035fd1cda8b03e76098b49b0530e2e9470b004549f628b1e840e6694

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 408
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.923,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 227
x-xss-protection: 1; mode=block
x-request-id: 846b4ae96218c741807adc5961abbe94
x-served-by: cache-lga21947-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.411014,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-chev-right.svg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 icon-chev-left.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 371 B
873 B 18ms
17ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-chev-left.svg?v=17693300543743243984

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

570c18a72f8c237ee28c78cc10ac99cece43c0b4a95aa2afd497dd70716dc5fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 371
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.176,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 200
x-xss-protection: 1; mode=block
x-request-id: 38f661e244ede285e5f22255c66ba824
x-served-by: cache-lga21935-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.411091,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-chev-left.svg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 185ms
114ms Script
application/javascript 2a02:26f0:3500:893::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "c4a0eea377c5e0da574e46f4d6e838e5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 123 KB
36 KB 133ms
100ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C2R434VBHJVP7P6R4110&lib=ttq
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2bba4f6297c4d6cfeb1a9e8f2511fc1c24f93863728b216bfb213faf0fd7f669

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 202203310038080101130060111E36D1BF
vary: Accept-Encoding
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 93,23.36.161.204
x-tt-trace-host: 01805103d436a3107b2ee6aa42f671e1e9ef013390a4958b8ab138b9d218f1366738b67ef64ca5ecd75a506ee8e4d596b7cf943331d5dc1f46c8458960161ef8351cba6448e501723aa7298888d8d78da36ec6595533dd8797663fbb594751cf05
server-timing: inner; dur=1, cdn-cache; desc=MISS, edge; dur=0, origin; dur=93
x-akamai-request-id: 6f5eb150
expires: Thu, 31 Mar 2022 00:38:08 GMT

GET
H2 200 shopify-boomerang-1.0.0.min.js Show response
cdn.shopify.com/shopifycloud/boomerang/ 58 KB
17 KB 17ms
17ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

2b40e69b4b5c337e07359025eb264e9125b5228ed972eb8f0f95785a520af271

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.136,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 17404
x-xss-protection: 1; mode=block
x-request-id: c765f7ecf3294e0b6ca6a92d370f94f5
x-served-by: cache-lga21931-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.421967,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=3600, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits: 502988, 251224

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
933 B 142ms
123ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-east1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: 032096d4-1295-470a-94fa-fdb862552b24
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVGGZz%2BmitXp2%2BAYYVE2n23xlkyFMRokymHzKlz3Lo18TydHgwSU%2FdEfNX7TpmqQ8TVf%2FVYX%2B5LcgkYEoCWO71zJaDDg4GiCMeArWC%2F2XM5%2FxemsOCKkOcZ2bIRJghjshRz71IDJB43mnHAltbk%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45053ecd02924a-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
300 B 136ms
124ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-east1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: f59c0fab-66a1-4687-9318-00da6a43195d
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogydZhNb6aBLUlEQ7PlMrRbcEz%2BljVSG7K4ucgqgii6l5%2BtOqR01MKTo9GGY8sGW%2FWo%2Ba3viZoiJBMUoJ%2B92E0uxwRjOTH52XnaLrT%2F9vXFfvfae5g91LZcuZamKu1xJqrKO6HIrhUTjbATuFlU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45053ecd04924a-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
314 B 171ms
160ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-central1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: 122a581c-4b6a-40cd-9b71-caa5c259eae3
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEDkHPK68pvg4DZyJv%2FQerAQ0XgRQaxUKVsG2wjA681MGjbWyCUpspxoMn4kjviL2ksohqcwPBe7VLBxrlv1xETmwB5Z4Vdk43EKdAUVJ19Jk2xO9xkK1vIKklgguZVAhao%2FZ0kCDlhOeMITy9c%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45053ecd05924a-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

GET
H2 200 MPN_600x600_067bb30b-1b19-4796-b544-b8f07602c95f_750x@2x.png
cdn.shopify.com/s/files/1/2181/4481/files/ 15 KB
16 KB 11ms
5ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/MPN_600x600_067bb30b-1b19-4796-b544-b8f07602c95f_750x@2x.png?v=1648580685

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

018e1aaa233851f38c3a43b05b8026f2ea7d40710360e12268bb4d5ef886e797

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.817,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 15602
x-xss-protection: 1; mode=block
x-request-id: 631cf1ac0bc82efacfc3d6973c401607
x-served-by: cache-lga21937-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.435336,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/MPN_600x600_067bb30b-1b19-4796-b544-b8f07602c95f_750x@2x.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 Hero_FS_SPF_Front_web_750x@2x.png
cdn.shopify.com/s/files/1/2181/4481/files/ 15 KB
15 KB 20ms
14ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Hero_FS_SPF_Front_web_750x@2x.png?v=1648580715

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

620c089d4f76b3e0bec673e32271f3225e2d6280756bcfe4f2c61f1e70fa9e9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 14898
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.064,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 14898
x-xss-protection: 1; mode=block
x-request-id: 6af166fceb1b69dd1f40cf5f0b2003fc
x-served-by: cache-lga21953-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.438239,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Hero_FS_SPF_Front_web_750x@2x.png>; rel="canonical"
x-cache-hits: 3, 1

GET
H2 200 Hero_RB_Thumbnail_596x596_881ea59c-60c1-415d-a3fb-ef89466f00e6_750x@2x.png
cdn.shopify.com/s/files/1/2181/4481/files/ 14 KB
15 KB 19ms
13ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Hero_RB_Thumbnail_596x596_881ea59c-60c1-415d-a3fb-ef89466f00e6_750x@2x.png?v=1648580750

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

6940b24ef4f1e0836aab174afc3990d6bd16dbf0e9afe4000b0fbb24bb9e89d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 14258
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.860,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 14258
x-xss-protection: 1; mode=block
x-request-id: 04bca1e92a0ce9d741af9638e8436c2a
x-served-by: cache-lga21973-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.438294,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Hero_RB_Thumbnail_596x596_881ea59c-60c1-415d-a3fb-ef89466f00e6_750x@2x.png>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 2021-google-feed-MPN-01-product-front_152x@2x.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 6 KB
6 KB 20ms
14ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/2021-google-feed-MPN-01-product-front_152x@2x.jpg?v=1639672700

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

e5b40a141481590cce13aa3aee49b7ba7fad812893b4b0f6751b5706caab4523

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 5982
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.891,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 5982
x-xss-protection: 1; mode=block
x-request-id: 914a94d0ff22fb2fca6178dad07538c9
x-served-by: cache-lga21929-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.440315,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/2021-google-feed-MPN-01-product-front_152x@2x.jpg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 theSkimm_SecondaryLogo_e20e0138-dd88-4641-9ec1-26a1319f8069_152x@2x.png
cdn.shopify.com/s/files/1/2181/4481/files/ 6 KB
7 KB 19ms
14ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/theSkimm_SecondaryLogo_e20e0138-dd88-4641-9ec1-26a1319f8069_152x@2x.png?v=1639515440

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

aff3f5c59ca98127f2816e2c0a9480245947eef51a28e730335fd22df0afc207

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 6458
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.881,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 6458
x-xss-protection: 1; mode=block
x-request-id: 30a7a03afd3e1a27528719ab418805b4
x-served-by: cache-lga21936-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.440378,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/theSkimm_SecondaryLogo_e20e0138-dd88-4641-9ec1-26a1319f8069_152x@2x.png>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 FuturaPT-Heavy.woff2
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 46 KB
46 KB 17ms
16ms Font
font/woff2 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Heavy.woff2

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

d903a35a90276fed8d286f4de9f6ab44db076826cdb14a82d2e418aeb79b92ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.169,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 46800
x-xss-protection: 1; mode=block
x-request-id: 29c324ff1edb6d36d71e73c3250d1f38
x-served-by: cache-lga21957-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.440340,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Heavy.woff2>; rel="canonical"
x-cache-hits: 3, 1

POST
H2 200 produce_batch
monorail-edge.shopifysvc.com/unstable/ 0
303 B 128ms
127ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/unstable/produce_batch

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.61e828e6777cdb0a282d318c770e463a59ad464f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-east1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: 878744eb-d4c4-4c5b-b146-cf5c24dc98b8
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dl4zW3SUqE8X8sl1Z9ez1RijGHaH9bONG08GzlDcdA1vzS2cqHxiOR%2B%2FuYq1txaSvUHEtt%2F5n%2BYNzM0BjjJW%2BHtAoWzlOH1N1LhAxP3Ahn3CSGZPbQ6BkFhGJyBHOpXR880CX6jXRQQGTd%2BW%2Fuo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45053edd21924a-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

GET
H2 200 Lowres_MPN_marketing_3_800x800_crop_center@2x.jpg
cdn.shopify.com/s/files/1/2181/4481/files/ 127 KB
127 KB 9ms
8ms Image
image/webp 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/files/Lowres_MPN_marketing_3_800x800_crop_center@2x.jpg?v=1648221280

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

32e7c529d0419ae439900660187336c2c5f94606f99a278cd9cd215d911b6c42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 129884
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.259,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 129884
x-xss-protection: 1; mode=block
x-request-id: 9a06e3b3e6f71b8bb34c5c5416fbbeb5
x-served-by: cache-lga21935-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.451097,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/files/Lowres_MPN_marketing_3_800x800_crop_center@2x.jpg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 hero-loader.gif
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 34 KB
34 KB 15ms
9ms Image
image/gif 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/hero-loader.gif?v=849161317156052221

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

6e764ad12820c8fa355ebec189868b22da2c8a15105fa5b6b75dc3eab0e9dbe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 34308
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.471,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 34308
x-xss-protection: 1; mode=block
x-request-id: 1c99f9927d816d000f83dc680ab12020
x-served-by: cache-lga21927-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.461040,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/hero-loader.gif>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 icon-exclamation-error.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 783 B
1 KB 14ms
9ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-exclamation-error.svg?v=12583636007603589187

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

6a3dbb230b9c333a39405f7dc4115a91bb3dcae67f68c76ac5c81451dc2f4ac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 783
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.859,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 338
x-xss-protection: 1; mode=block
x-request-id: c4ba261b42caab376b4ca005c0dab95e
x-served-by: cache-lga21972-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.461781,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-exclamation-error.svg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 icon-arrow-right-black.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 489 B
528 B 15ms
10ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-arrow-right-black.svg?v=16859636164420027916

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

4c718e6c04604e704e210624d400222cd989eb140a8b7ff479ced4f7c116e96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 489
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.836,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 271
x-xss-protection: 1; mode=block
x-request-id: 1869fef42a7b44257f708fd67227f12e
x-served-by: cache-lga21934-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.461858,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-arrow-right-black.svg>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 free-shipping.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 445 B
501 B 15ms
11ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/free-shipping.svg?v=5033123295007177537

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

7b3a311e463360814d373ee4ebd1f7ed7f2168953f50b409c5f0115d9bfe89e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 445
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.791,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 258
x-xss-protection: 1; mode=block
x-request-id: 70e06894a42f8aded28de012e1fb2a71
x-served-by: cache-lga21920-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.461929,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/free-shipping.svg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 icon-coin-yellow-md.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 647 B
977 B 16ms
12ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-coin-yellow-md.svg?v=13281889291496749214

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

3fa4fd1e31aabb8a3ff5f8bbaae61c86fcb33566abfc08a3b9ff473eaff624d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 647
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.772,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 293
x-xss-protection: 1; mode=block
x-request-id: 44b35a98c1da5135e01461c69cab5628
x-served-by: cache-lga21948-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.462004,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-coin-yellow-md.svg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 FuturaPT-Demi.woff2
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 43 KB
43 KB 12ms
11ms Font
font/woff2 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Demi.woff2

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4047-HHN /

Resource Hash

b79adf570b66bcd072b6f3ea35e760f7433030c083c686a08b6ba740f532098a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/landing-fw-2021.css?v=3507967068846759102
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.763,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 43869
x-xss-protection: 1; mode=block
x-request-id: 42ecb72ec86de885b80164e5eb15146e
x-served-by: cache-lga21947-LGA, cache-hhn4047-HHN
server: cache-hhn4047-HHN
x-timer: S1648687088.462842,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/FuturaPT-Demi.woff2>; rel="canonical"
x-cache-hits: 43, 1

GET
H2 200 icon-exclamation-warning.svg
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 783 B
1 KB 14ms
8ms Image
image/svg+xml 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-exclamation-warning.svg?v=3834381787647915649

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

9ebbd916b6c322597da4b1ac0ef4bbbf04d00339cfc619424a99f929b69e608e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 783
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.845,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 340
x-xss-protection: 1; mode=block
x-request-id: e1b0b71a6652cc08d36c073a735a6d14
x-served-by: cache-lga21983-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481088,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/icon-exclamation-warning.svg>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/ 61 KB
22 KB 57ms
22ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/gsap.min.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3ed6cb466bd654fe36c57faacb1c88ad4e2793087431d6ffc5366961a4c978f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 534659
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22265
timing-allow-origin: *
last-modified: Tue, 12 Jan 2021 06:17:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ffd3ef5-f398"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8j6otOTvoLNNN%2Bx1lXXjWTLZgIge2P9XgNh509mRvB2YFIuf2K%2BuQAncpS4IJzqQBo3hRbPEt7wmBjSngQ6WDGjjkMQ8cgzaFKOnkHVGkoCSAuuq7J40y%2FwIKEobzM0PrP8tQNC2tLatLgvCT2%2BcAW0N"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f45053f3be690c1-FRA
expires: Tue, 21 Mar 2023 00:38:08 GMT

GET
H2 200 swiper-bundle.min.js Show response
unpkg.com/swiper@6.6.2/ 141 KB
39 KB 63ms
28ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@6.6.2/swiper-bundle.min.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb23842e002864729d3e39cf25f636f55d6fce297c0154dd6b54d1f5b815d671

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 532784
fly-request-id: 01FYYTFZBFDE5T277CM9HN1Y11-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"233d7-mZelZ23GqQ/jYOpc8MQCKmqF0Cg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f45053f39119025-FRA

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.1/ 2 KB
1 KB 55ms
20ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.1/js.cookie.min.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a04d373be23a3f37dfe1f88cab01061db75f716edadc6451c652fe538f4be6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Origin: https://www.herocosmetics.us
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 536633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 701
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-653"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuyHa%2BFL9hctvL3%2FXlc5yGc8Agn2AgyJXr%2F1m48Lnlx%2F97BsdVCscAYLTbT%2BmZVsPpr6ANjTdp9Xz2j7l5bEVRJRGdQD6G0rebP%2FsyMVRrG13hOXwUDOdSA1PFM%2BsY1tUBnL6U2ew8y%2BCyZhKgKG5oJR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f45053f3be890c1-FRA
expires: Tue, 21 Mar 2023 00:38:08 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 86 KB
29 KB 11ms
8ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/jquery-3.4.1.min.js?v=16073738998526399014

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 88144
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.865,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 29895
x-xss-protection: 1; mode=block
x-request-id: baec29e60a183597454843d1cfecdeb3
x-served-by: cache-lga21965-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481172,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/jquery-3.4.1.min.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js Show response
cdn.shopify.com/shopifycloud/shopify/assets/themes_support/ 6 KB
2 KB 10ms
7ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=0.132,cdnPop;desc=HHN,cdnCache;desc=HIT
content-length: 1678
x-xss-protection: 1; mode=block
x-request-id: a2e65dbaef109ee5962847b2b806ca9c
x-served-by: cache-lga21959-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.481220,VS0,VE0
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js>; rel="canonical"
x-cache-hits: 544, 25481

GET
H2 200 vendorCritical.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 21 KB
8 KB 12ms
9ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/vendorCritical.js?v=14669816439639970880

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

4e6a565ae41929e4f292ac16a6dd242138e28fb4529e80b2acd0031b6b0bee2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 21339
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.856,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 7980
x-xss-protection: 1; mode=block
x-request-id: 1986eb8c0df7206a17aa9c6b4c2975f4
x-served-by: cache-lga21953-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481261,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/vendorCritical.js>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 mainCritical.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 86 KB
20 KB 13ms
11ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/mainCritical.js?v=623890873901613900

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

0d542c4608bda1884da8d94f0c1afa40fe41f1933f94fd81900cf27fd2ef9b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 88343
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.246,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 19344
x-xss-protection: 1; mode=block
x-request-id: f825989735086782dae2e91fe47c718a
x-served-by: cache-lga21943-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481389,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/mainCritical.js>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 main.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 156 KB
42 KB 12ms
10ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/main.js?v=8700120975951171169

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

3cf0508247bad5a2f3d49f841b4067d5951a8afa42b19cfb437a48db181b2e90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 159789
x-dc: gcp-us-east1
x-cache: HIT, HIT
server-timing: cdn;dur=1.213,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 42645
x-xss-protection: 1; mode=block
x-request-id: 8a9ff0765f009bd8a83182b22250882b
x-served-by: cache-lga21931-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481398,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/main.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 pageFallWinter2021.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 229 KB
63 KB 12ms
10ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/pageFallWinter2021.js?v=17655687663957356683

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

d0da9204fd47a966df2196099d0359d4b1916309766505f7586418370746dab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn: Fastly, http2
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=1.165,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 64531
x-xss-protection: 1; mode=block
x-request-id: d4148ecbca02a6b9c5f4c0e149c11e57
x-served-by: cache-lga21925-LGA, cache-hhn4053-HHN
server: cache-hhn4053-HHN
x-timer: S1648687088.481424,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/pageFallWinter2021.js>; rel="canonical"
x-cache-hits: 1, 1

GET
H2 200 17095.js Show response
www.dwin1.com/ 30 KB
8 KB 167ms
108ms Script
application/javascript 2600:9000:2156:5800:f:8ce2:fb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dwin1.com/17095.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5800:f:8ce2:fb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0da07fffccf7c2c9ec36027686abc3e702576fa091eabf0b234350432e559f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: 0oLiV_TxB7Or7JEgYcnXZQIPkbgCUiHL
content-encoding: gzip
last-modified: Thu, 24 Feb 2022 12:58:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"7da5bfa49f08c399d46614a1ad1a6710"
access-control-allow-methods: GET, HEAD
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600, s-maxage=600
date: Thu, 31 Mar 2022 00:38:09 GMT
x-amz-replication-status: COMPLETED
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 9u-wYhA9S-kpVKkx5YKvCug7HOqzVLgl-tfXkLFpKTB6M9vBtKy9yw==
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)

GET
H2 200 klaviyo.js Show response
static.klaviyo.com/onsite/js/ 2 KB
1 KB 50ms
7ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LGmb7q
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d425602f94353d2493ea3f52843f4237e815066453f88aa6e286bb203ed9aef1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
age: 4482
x-cache: HIT, HIT
access-control-max-age: 86400
content-length: 837
x-served-by: cache-lga21932-LGA, cache-hhn4078-HHN
access-control-allow-origin: *
allow: GET, OPTIONS
server: nginx
x-timer: S1648687089.576534,VS0,VE1
etag: W/"9f3cc190076723013dbba5a96f9f2c6f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=1, stale-while-revalidate=10800
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers
x-cache-hits: 1, 1

GET
H2 200 dtag.js Show response
cdn.attn.tv/hero/ 0
374 B 51ms
9ms Script
text/javascript 2600:9000:2315:1400:1c:9484:cec0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.attn.tv/hero/dtag.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:1400:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: kGJjc2HxNgGNuk_7UqP1h9o.liqWLb8I
content-encoding
last-modified: Mon, 17 Dec 2018 20:59:49 GMT
server: AmazonS3
age: 26967
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Error from cloudfront
content-type: text/javascript
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
date: Wed, 30 Mar 2022 17:08:42 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 0
x-amz-cf-id: w3sI04Puh3-F2sKNnqVRiSLuO_g38i0Z07Q_SaFAHkF3ksxCGcHEwA==

GET
H2 200 sms_aff_clicktrack.js Show response
static.myshlf.us/Affiliates/ 2 KB
1 KB 56ms
7ms Script
application/javascript 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.myshlf.us/Affiliates/sms_aff_clicktrack.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6903d61b1cc414c444950c4aab5ceb178c35269902df7acf00057c3317098083

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 03:27:21 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 16:46:02 GMT
server: AmazonS3
age: 85207
etag: W/"d989db17a826565d651b1ae968c945ff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: CJ5Ka6_qF-dxj9Zro3qLp9g3f_WC16nYBW_nZ_GiTS942_9QJ5nS9w==

GET
H2 200 liveChat.js Show response
cdn.shopify.com/s/files/1/2181/4481/t/82/assets/ 13 KB
4 KB 11ms
10ms Script
application/javascript 2a04:4e42:400::268
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/liveChat.js?v=2801480303150370111

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cache-hhn4053-HHN /

Resource Hash

f09f22f229518f3a08e539003775277e2211b29074780550f0b86ca365cdf4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
fastly-original-body-size: 13079
x-dc: gcp-us-central1
x-cache: HIT, HIT
server-timing: cdn;dur=0.789,cdnPop;desc=HHN,cdnCache;desc=HIT-CLUSTER
content-length: 3786
x-xss-protection: 1; mode=block
x-request-id: 3f0d54fd37901fa9d80c89ab49d4a5f8
x-served-by: cache-lga13625-LGA, cache-hhn4053-HHN
x-cdn: Fastly, http2
server: cache-hhn4053-HHN
x-timer: S1648687088.481464,VS0,VE1
date: Thu, 31 Mar 2022 00:38:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31557600
accept-ranges: bytes
timing-allow-origin: *
link: <https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/liveChat.js>; rel="canonical"
x-cache-hits: 2, 1

GET
H2 200 gtm-suite.js Show response
shopify-gtm-suite.getelevar.com/shops/415acc71b987ca41929de242bce23aa27aeecc5c/ 106 KB
34 KB 48ms
15ms Script
application/javascript 34.120.58.162
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://shopify-gtm-suite.getelevar.com/shops/415acc71b987ca41929de242bce23aa27aeecc5c/gtm-suite.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.58.162 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 162.58.120.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d04c01926dc18bb1aa1b0b07f12bb45c930a8c868f0b65e4c9961eaafa614c21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 13:51:23 GMT
content-encoding: gzip
age: 2458005
x-guploader-uploadid: ADPycdv32mqOxg0IfmDlry6Kd2mjwje2KK9bh4AtWWw6kAVt2uoO0ntoG3qYNKbrTPzIneC7oShKzRVT_eo2JI7iF18hh_kIkg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 33980
last-modified: Mon, 12 Apr 2021 15:05:44 GMT
server: UploadServer
etag: "c1db629ef1bba51f21c4a66368436442"
vary: Origin
x-goog-hash: crc32c=2KKXoA==, md5=wdtinvG7pR8hxKZjaENkQg==
x-goog-generation: 1618239944482764
cache-control: no-transform
x-goog-stored-content-length: 33980
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 02 Mar 2023 13:51:23 GMT

GET
H2 200 session Show response
shop.app/pay/ 18 B
1 KB 192ms
135ms Fetch
application/json 23.227.38.33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.app/pay/session?v=1

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.227.38.33 , Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

checkout.shopify.com

Software

cloudflare /

Resource Hash

9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
x-dc: gcp-us-east1,us-east1
p3p: CP="Not used"
content-type: application/json; charset=utf-8
access-control-allow-methods: GET, OPTIONS
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 6d22f32a-4830-4a40-9479-2b4bd5d41a4a
x-runtime: 0.003991
x-robots-tag: noindex
server: cloudflare
x-frame-options: DENY
etag: W/"9b5179ea2a77fe69b294fbd2ed504eac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDDPxe8i7dDIUXFKS4xkqPXB7zdxS6eM2veSAz2USzxGgMnWsinY1SCU2XA7LY%2FavIazn0zbRggax48HAbi1nOfBMC9IVWSqIJxbMKIkpEVN87U2EuzyWET6"}],"group":"cf-nel","max_age":604800}
x-download-options: noopen
access-control-allow-origin: https://www.herocosmetics.us
vary: Accept-Encoding, Accept, Origin
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6f4505400d68927f-FRA
x-sorting-hat-podid: -1
access-control-expose-headers

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 99ms
99ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C2R434VBHJVP7P6R4110&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-akamai-request-id: 71c291c8.6f5eb19f
date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-222-79-15.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-parent-response-time: 92,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=4, inner; dur=2
pragma: no-cache
server: nginx
x-tt-logid: 2022033100380801011313517420FF6B31
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 4,23.222.79.15
x-tt-trace-host: 01805103d436a3107b2ee6aa42f671e1e96c06a703e265a8182cd12ba78dd92f44fd74f847270b24565c5e036aadd77d0bd517fefda739ba89f7fd702ac6a32db046b3fef0e663cecc7f864f257d913ebde34193b387f4056835a4ecd134fdae38caa1c5255b5c63b3784cfe52fdbc8754
expires: Thu, 31 Mar 2022 00:38:08 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 150ms
149ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C2R434VBHJVP7P6R4110&hostname=www.herocosmetics.us
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C2R434VBHJVP7P6R4110&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 025bb60376c5c91d7880bbb48f3903ab908c3b474faa79a2d1728729cd1ec751

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-akamai-request-id: 70ff1700.6f5eb1b4
date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-222-79-39.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-parent-response-time: 143,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=128, origin; dur=15, inner; dur=3
content-length: 1764
pragma: no-cache
server: nginx
x-tt-logid: 20220331003808010113006214060E7A4C
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 15,23.222.79.39
x-tt-trace-host: 01805103d436a3107b2ee6aa42f671e1e96c06a703e265a8182cd12ba78dd92f446381d2e1eb29d24cb7610f54209d4a73b9071495d29c50e05a3b7098dadf19f6b5dc194577335c2e80b0be00267ac52e52e665ad595b59acf455eec861afe982e8f30c05ccb94161cfc8f58e52c2d67a
expires: Thu, 31 Mar 2022 00:38:08 GMT

GET
H2 200 main.32155010.js Show response
s.pinimg.com/ct/lib/ 52 KB
18 KB 116ms
116ms Script
application/javascript 2a02:26f0:3500:893::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.32155010.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "fd86de14455274a7c147dc95b77e18e3"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18298
access-control-expose-headers: X-CDN

GET
H2 200 fender_analytics.41a529467ab898775b9b.js Show response
static-tracking.klaviyo.com/onsite/js/ 22 KB
8 KB 53ms
7ms Script
application/x-javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/fender_analytics.41a529467ab898775b9b.js
Requested by: Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LGmb7q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac828532f050274f27d56c1fc076fc7e9d81d3dc58eb5381d9a4f800a207a919

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: q6j8oXc.ccyFExkZSMPbqe.QKqG.X4J2
content-encoding: gzip
age: 4485
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 7503
x-amz-id-2: 820T8CvOyX3P3f8IuRczt/6QPfnoVThBdcw+jJe3c42AiH+8x/K77D9PIRfLoi62pOOhOrf3rJ8=
x-served-by: cache-lga13627-LGA, cache-hhn4031-HHN
last-modified: Wed, 30 Mar 2022 23:22:25 GMT
server: AmazonS3
etag: "e8f01dd2a895ad11c64a0f6c0057b79f"
vary: Accept-Encoding
x-amz-request-id: 46PR1JXMRVG7HZ1P
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=2592000, stale-while-revalidate=10800
accept-ranges: bytes
content-type: application/x-javascript
date: Thu, 31 Mar 2022 00:38:08 GMT
x-cache-hits: 2, 1802

GET
H2 200 static.7ff9f481bc8b04117d52.js Show response
static-tracking.klaviyo.com/onsite/js/ 14 KB
6 KB 53ms
8ms Script
application/x-javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/static.7ff9f481bc8b04117d52.js
Requested by: Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LGmb7q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89c995b5aa2ebb453c8b3380fa90ad6e04864d70b52a02ac63ebb33cfad744b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: JNkA21FCuMtRifTBL3R8KQ6Lr7GlCeAU
content-encoding: gzip
age: 4485
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 5916
x-amz-id-2: iY/qK56xySDYxo5GrrrzUaG8sGTDG/NKn0gNR0M1AkiCRcb+R0qbdN0aMGS7XH9e/kc6aWGWVI8=
x-served-by: cache-lga21968-LGA, cache-hhn4031-HHN
last-modified: Wed, 30 Mar 2022 23:22:25 GMT
server: AmazonS3
etag: "8fe772b7eaa0bf7c18d7e082be478965"
vary: Accept-Encoding
x-amz-request-id: 46PMJWMG1HK8F1T2
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=2592000, stale-while-revalidate=10800
accept-ranges: bytes
content-type: application/x-javascript
date: Thu, 31 Mar 2022 00:38:08 GMT
x-cache-hits: 1, 1800

GET
H2 200 sharedUtils.f75fc3387031fd899369.js Show response
static.klaviyo.com/onsite/js/ 49 KB
15 KB 6ms
6ms Script
application/x-javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/sharedUtils.f75fc3387031fd899369.js
Requested by: Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LGmb7q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4112e24c0f08e63e179a1623a1e09e4d81b0a47977cf8d34563f4f91ab351b2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: VH5vLWN38pSNQ2fRu4aR576KahlgIF.c
content-encoding: gzip
age: 4485
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 14785
x-amz-id-2: rZwRrZbnNgwLyXHYl6KdWPCSTVWszmceb1TV1+w9QyYl5htASVnkDeUoGkvdjYH9CxxtOz72dSA=
x-served-by: cache-lga13620-LGA, cache-hhn4078-HHN
last-modified: Mon, 21 Mar 2022 16:31:45 GMT
server: AmazonS3
etag: "512aa4eb1681591eb997d6e796472ed0"
vary: Accept-Encoding
x-amz-request-id: BY57MRHS9TH1EF8N
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=2592000, stale-while-revalidate=10800
accept-ranges: bytes
content-type: application/x-javascript
date: Thu, 31 Mar 2022 00:38:08 GMT
x-cache-hits: 1, 1730

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 20 KB
6 KB 65ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=1f2cc95f-56d2-40f4-ac66-85995abfa13f

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/2181/4481/t/82/assets/liveChat.js?v=2801480303150370111

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f1d6d4cc75e4aa9496b424cd30b080acfdc983a42910afcd0069560cf2b11d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 9WY6SS4NSF8G4BH8
x-amz-id-2: Nq2xeHkeJQYGHmpefrR+su2MaIpylXOuu65w2ztdk0SHHA7eqx/eaCyiWCfXR/DciK4wjirOFzg=
last-modified: Wed, 02 Mar 2022 22:42:26 GMT
server: cloudflare
etag: W/"b687c8c87e4bb1d316102239ec8bdb5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5x4KxBVdYDyqta67PgLfd9U%2FBAF3YIa3Wa40bad3mjRN9pxigwMyzTzm2aNM10E5MuNc46l2JdKRXjWk6ORuEbrgVS5gmt6uayzt575B0Gg19wqLIDa%2FdBvhlhZ1qLodqM6Ux8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: _Dpi7A8IulKqwnfX5Ya9rojoN_2lK2xr
cf-ray: 6f450540688d8fdd-FRA

GET
H3 200 cart.js Show response
www.herocosmetics.us/ 283 B
1 KB 180ms
180ms XHR
text/javascript 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.herocosmetics.us/cart.js?v=1648687088688

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecff0934fecdd9ab3571faea9dfdcffaa50abff93982a0c2c3e4e56394d6ebf0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-europe-west1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 21814481
x-shardid: 41
x-storefront-renderer-rendered: 1
server: cloudflare
content-language: en-DE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=7889238
x-download-options: noopen
x-shopid: 21814481
x-request-id: 9b9057f6-eb68-44b4-b97d-40fe06f292eb
vary: Accept-Encoding, Accept
content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
cf-ray: 6f4505405cef8ffa-FRA
x-sorting-hat-podid: 41
x-cartjs-updatedat: 1648687087

GET
H2 200 1f2cc95f-56d2-40f4-ac66-85995abfa13f Show response
ekr.zdassets.com/compose/ 434 B
996 B 224ms
182ms XHR
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/1f2cc95f-56d2-40f4-ac66-85995abfa13f

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7633b44b806a6e19c0d10dfbabf13a1b7e99096d38a45b47b0852d094d11603

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
vary: Origin, Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
status: 200 OK
access-control-allow-methods: GET, POST, OPTIONS
strict-transport-security: max-age=0
x-request-id: 07dc6cd0-3a64-4194-8b10-03f146c6a2cf
x-runtime: 0.002388
server: cloudflare
etag: W/"e7633b44b806a6e19c0d10dfbabf13a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sqdj7kwzfetRCnEpr2xbc%2Fis4QJrvNaVF2nkSFLhh39CEidcNJ%2Bf1xtJx5oIwtaW55fP77se30ElV4DWQJaiF48ruqg1o5W6Z3X0xCL0I1r4gmSHgTtnukMkhDVxe9Q7A04%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray: 6f450540ee7a6977-FRA

GET
H2 200 / Show response
ct.pinterest.com/user/ 487 B
734 B 61ms
32ms XHR
application/json 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2613867077094&pd=%7B%22np%22%3A%22shopify%22%7D&cb=1648687088803
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e9c31a063adbb7e4a65fa70898d44d33c4b1846b31e5064f88dd4ff8536b1248

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.herocosmetics.us
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPU4yRmpNR0psWldFdE1USTBaUzAwTURJeExUaGxNV010TW1VMU9ERmtPRE00WldJeQ
x-pinterest-rid: 1384061057099027
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
content-length: 352
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
96 B 57ms
33ms Image
image/gif 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2613867077094&pd=%7B%22np%22%3A%22shopify%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2232155010%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1648687088808
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:08 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 3753899469794434
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
331 B 60ms
36ms Image
image/gif 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?event=PageVisit&ed=%7B%22np%22%3A%22shopify%22%7D&tid=2613867077094&pd=%7B%22np%22%3A%22shopify%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2232155010%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1648687088808
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:08 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
x-pinterest-rid: 9874842759079017
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
711 B 113ms
113ms Ping
application/octet-stream 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C2R434VBHJVP7P6R4110&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 65a7c45c.6f5eb214
date: Thu, 31 Mar 2022 00:38:08 GMT
x-cache-remote: TCP_MISS from a23-222-79-109.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-parent-response-time: 99,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=11, inner; dur=10
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202203310038080101130060111139834B
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,23.222.79.109
x-tt-trace-host: 01805103d436a3107b2ee6aa42f671e1e96c06a703e265a8182cd12ba78dd92f44a7183ef5009fb40245c5e0f9730197c760731cf4b36b3c0ec8c8489ce095e5a9f85dd67e0a0f10bf7fa179f1e5e962eb157fb4105ec268d92b5700df96e6a948dc2ac3e76d2e2f22e34cab730b39cd7e
expires: Thu, 31 Mar 2022 00:38:08 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
713 B 124ms
124ms Ping
application/octet-stream 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C2R434VBHJVP7P6R4110&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 65a7c3a9.6f5eb215
date: Thu, 31 Mar 2022 00:38:08 GMT
x-cache-remote: TCP_MISS from a23-222-79-109.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3.1-40349883) (-)
x-parent-response-time: 108,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=21, inner; dur=12
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202203310038080101130062050C8318C6
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 21,23.222.79.109
x-tt-trace-host: 01805103d436a3107b2ee6aa42f671e1e96c06a703e265a8182cd12ba78dd92f44a7183ef5009fb40245c5e0f9730197c760731cf4b36b3c0ec8c8489ce095e5a93cc35f1060c9fef4d8e3c3782860f5715e91f1c2bc33c9b727b2fc061744f72915224a41c9e17915244e21786608f61a
expires: Thu, 31 Mar 2022 00:38:08 GMT

GET
H2 200 redemption_options Show response
app.swellrewards.com/api/v2/ 3 KB
4 KB 1413ms
144ms XHR
application/json 34.235.216.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.swellrewards.com/api/v2/redemption_options?guid=A19H8vTS9KoU0V2U-uthxg&api_key=4QPV4PDV540793TlWEIItQtt

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.235.216.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-235-216-103.compute-1.amazonaws.com

Software

Resource Hash

e1cd9f10abeb29476add99b612340de919f0263c2454779535e69583ca187ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
via: kong/2.1.4
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
ratelimit-reset: 50
referrer-policy: strict-origin
x-ratelimit-limit-minute: 1500
x-kong-upstream-latency: 37
access-control-max-age: 7200
x-kong-proxy-latency: 3
x-ratelimit-remaining-minute: 1496
ratelimit-limit: 1500
vary: Origin
x-xss-protection: 1; mode=block
x-request-id: ebb0c1e520d83bcec423e0e792b25e6d
x-runtime: 0.029101
correlation-id: dc40fec1-5124-4aa4-b142-3b6515b47614
x-frame-options: ALLOWALL
etag: W/"e1cd9f10abeb29476add99b612340de9"
x-download-options: noopen
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, DESTROY, PATCH
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
ratelimit-remaining: 1496

GET
H2 200 web-widget-framework-b55648d86d169e264c05.js Show response
static.zdassets.com/web_widget/latest/ Frame B447 212 KB
71 KB 28ms
28ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1f2cc95f-56d2-40f4-ac66-85995abfa13f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbf547a9a6e2068786c2f7956af7c4195c9de8ae85058d951a6e260054ece568

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159684
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: C7FJNR0XS3FRSAKF
x-amz-id-2: gdM19KV2bXdgguMMwSn2150Fsl644X2ODV3Cs4Rw+PfH9u+ER3QO9+SYxWlvRGMFHBV3GdV6u6k=
last-modified: Mon, 28 Mar 2022 23:30:28 GMT
server: cloudflare
etag: W/"5526824e022708315c65b7ca81ae26a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCq9uI9faLVTIV%2F%2BqxMA8jAbN8%2BFTwvKz2R%2Fjcq1mY%2BaaiGTbClKGnco3wAPwxqMO1HGYGA1FY7AJRKWI5DvUx8t2I%2BSLBuljqICsRaKrOo0L1JEAkURJqB72dMJ28JNedobSG4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: qfnMkHVOp8AMXqDZVaLu1XbfgoMEeJas
cf-ray: 6f45054229c88fdd-FRA
expires: Tue, 28 Mar 2023 23:30:27 GMT

GET
H2 200 web-widget-chat-sdk-58987df92c8073e96c0f.js Show response
static.zdassets.com/web_widget/latest/ Frame B447 203 KB
52 KB 26ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-chat-sdk-58987df92c8073e96c0f.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=1f2cc95f-56d2-40f4-ac66-85995abfa13f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 275253
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: YJ445HPWW8T8NXYB
x-amz-id-2: cXim/txVi8xrq9hfQfWQ33tIgIFEQUPcERAu6E8zlUtblJqDNzU97VDkEjyYayYVbXa8NnIHPzc=
last-modified: Fri, 25 Mar 2022 06:10:08 GMT
server: cloudflare
etag: W/"f4e9b6a21f729895e00473e7f3947ed7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1A1f3H8ZL4AFc3vdFhNXiwI%2FQh17UQn6brjDT7ee0pJ%2FLMRgdu2%2BQdN14XrDojHbNm%2F9ULbTBpMjPSju6OW1eGt4XPFMnRD6xHHFnkfLN8zWlBioIPNfPziP9OmNag%2FJuguwks%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: kjr6f17opVzL9HD21_5yKYIFHltoNOTI
cf-ray: 6f45054229c98fdd-FRA
expires: Sat, 25 Mar 2023 06:10:07 GMT

GET
H2 200 widget.js Show response
staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/ 448 KB
116 KB 54ms
18ms Script
text/javascript 2a02:26f0:3500:889::1d72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/widget.js?shop=tbate.myshopify.com

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:889::1d72 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a2a23f01aafbc0e214b874b8541188c61740706d8e7e899bbff062a42f2a5bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
env: PRODUCTION
status: 200 OK
server-timing: cdn-cache; desc=HIT, edge; dur=9
vary: Accept-Encoding
content-length: 118162
x-xss-protection: 1; mode=block
x-request-id: 015eddc166e5908bba1cfcde0b199192
x-runtime: 0.080729
x-frame-options: SAMEORIGIN
etag: W/"e3c51be197922196189ce806f87e2e86"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=8450
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H2 200 klaviyo.js Show response
static.klaviyo.com/onsite/js/ 2 KB
1 KB 220ms
219ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LGmb7q&shop=tbate.myshopify.com
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d425602f94353d2493ea3f52843f4237e815066453f88aa6e286bb203ed9aef1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
age: 4482
x-cache: HIT, HIT
access-control-max-age: 86400
content-length: 837
x-served-by: cache-lga21932-LGA, cache-hhn4078-HHN
access-control-allow-origin: *
allow: GET, OPTIONS
server: nginx
x-timer: S1648687089.996168,VS0,VE0
etag: W/"9f3cc190076723013dbba5a96f9f2c6f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=1, stale-while-revalidate=10800
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers
x-cache-hits: 1, 2

GET
H2 200 A19H8vTS9KoU0V2U-uthxg.js Show response
cdn-loyalty.yotpo.com/loader/ 131 KB
132 KB 45ms
10ms Script
text/javascript 2a02:26f0:fb:5a0::1d72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-loyalty.yotpo.com/loader/A19H8vTS9KoU0V2U-uthxg.js?shop=tbate.myshopify.com

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb:5a0::1d72 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6ff07560fd983077987b470f119b1d358bae669e5a03b70b34d766270ca12c12

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

ratelimit-reset: 1
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-ratelimit-limit-second: 10000
x-kong-proxy-latency: 3
x-ratelimit-remaining-second: 9999
x-kong-upstream-latency: 49
ratelimit-remaining: 9999
ratelimit-limit: 10000
referrer-policy: strict-origin
content-length: 134013
x-xss-protection: 1; mode=block
x-request-id: 924c1b8cc9a6f2b9963431b85fcc9119
x-runtime: 0.036333
correlation-id: 2b1d43eb-7771-4879-aad0-2ccffa85dc0c
x-frame-options: ALLOWALL
date: Thu, 31 Mar 2022 00:38:09 GMT
x-download-options: noopen
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-permitted-cross-domain-policies: none
cache-control: private, must-revalidate, max-age=0
access-control-allow-credentials: false
etag: W/"6ff07560fd983077987b470f119b1d35"
access-control-allow-headers: *

GET
H2 200 tracking_script Show response
bingshoppingtool-t2app-prod.trafficmanager.net/uet/ 639 B
817 B 549ms
161ms Script
application/x-javascript 40.85.149.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bingshoppingtool-t2app-prod.trafficmanager.net/uet/tracking_script?shop=tbate.myshopify.com

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.85.149.70 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c14c7d89d2f50cfddff9e5ab56ce377d0ca5ff385e2a6a22809235253f6e6dc5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	deny

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-frame-options: deny
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: private
date: Thu, 31 Mar 2022 00:38:09 GMT
access-control-allow-headers: Token,Shop
content-length: 543

GET
H3

200

script-29cd8c3234213624fdaf.js Show response
live.bb.eight-cdn.com/static/
Redirect Chain

https://live.bb.eight-cdn.com/script.js?shop=tbate.myshopify.com
https://live.bb.eight-cdn.com/static/script-29cd8c3234213624fdaf.js

5 KB
3 KB

162ms
147ms

Script
text/javascript

2606:4700:20::681a:c9e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.bb.eight-cdn.com/static/script-29cd8c3234213624fdaf.js

Protocol

Server

2606:4700:20::681a:c9e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be76c042dc8a900e73128ccbea6752f5a9ce88ed1eb37283f37f8eafb35af411

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
apigw-requestid: Ot5OQjlLjoEEPuw=
referrer-policy: same-origin
last-modified: Wed, 09 Mar 2022 12:35:10 GMT
server: cloudflare
etag: W/"62289efe-1410"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3fx3t3pDvCVzrcE4HIdVN2r9VhC2xnwXadkeNNF5b9vqr4Kg4gzOI1HlQT1s8x8GK3Ur1bq%2FCaRiEkEBQkW4Ve25ASz0jMaERhEcUVTjtairoJzpS%2BKtbMRJ%2BWarQJgcMaxTjYFXI4zojhrDIkCE9wFvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: public, max-age=1800
cf-ray: 6f450543b86692b9-FRA

Redirect headers

date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
apigw-requestid: P0uttjmvDoEEMrg=
referrer-policy: same-origin
server: cloudflare
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QL%2FDk6qNX1X82LIG%2FaF0UwreV%2F02R4NPCAtcYJ8NoZ094JWX%2BKR21RTrKUzqeQUN2gcYF3yc72EQBho7X4LM4KM6l3tDSjgeJKjCgZhqv04%2FTHp0uSqfLDX73bwlvA5p9GG%2FhaQXsgRoIFW5zb%2FnbbZ1vA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
location: /static/script-29cd8c3234213624fdaf.js
cache-control: public, max-age=3600
cf-ray: 6f4505428b709bd4-FRA
expires: Thu, 31 Mar 2022 01:38:09 GMT

GET
H2 200 10967_1632518006.js Show response
app.backinstock.org/widget/ 54 KB
18 KB 70ms
21ms Script
text/javascript 2606:4700:3030::6815:3d8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.backinstock.org/widget/10967_1632518006.js?v=5&shop=tbate.myshopify.com

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:3d8b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ccf448aca55910027e94feceed323a2713467f0b231a9fcccce6bfd6cb5e64b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 1230218
p3p: CP="Not used"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8uMcFQYPVJ7LyHaoDnJFwhn%2FA8PIGu%2BDI3WV793rC6leN3TyIRmDh7qdcmorRgfhJFn1KvGMY6JfO54ZIKFd8aSuO%2FFRIhRjT4DZWQnJkFWbvTt1bfr2xG2S%2Ffc5GCuLQ5F%2FuxmRfZ0hMNUBij45j9c"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: b2f65225-0ea9-4121-a442-12758b6d26d3
x-runtime: 0.050856
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 24 Sep 2021 21:13:26 GMT
server: cloudflare
x-frame-options: ALLOWALL
etag: W/"b530638a26e08402ed80c43cf9f32a1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=2629746
cf-ray: 6f4505428ef68fe2-FRA

GET
H2 200 online_store_script.js Show response
d275fvz7g8rvo.cloudfront.net/tbate.myshopify.com/ 3 KB
3 KB 41ms
9ms Script
text/plain 2600:9000:2156:1000:1:d5ae:c900:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d275fvz7g8rvo.cloudfront.net/tbate.myshopify.com/online_store_script.js?shop=tbate.myshopify.com
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1000:1:d5ae:c900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 218d1d3dc7c9a5f392d9a4300ad39d5528f90f94519c5b4c88db24acb5c6be16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 06:43:47 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
last-modified: Fri, 11 Mar 2022 17:49:00 GMT
server: AmazonS3
age: 64463
etag: "aa5bd6eead5ab94bbda383b9c2a590bd"
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3045
x-amz-cf-id: xIUHz8AN6WkYnLBpOxckplZx96Ledn-U-o2-K7Lt5rCRuug9anIHeg==

GET jsonp
geoip-db.com/ 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
65 KB 147ms
61ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-D939QWJC76&l=dataLayer&cx=c&sign=7cf3f57079e19c840998482b4c4ab1548df46b7199bd4bcd1873ce01208317c8_20220331

Requested by

Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

41439e467e1e4801a901c59ca520952557ce71c61dddb071b4b5814a1b7da981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65655
x-xss-protection: 0
expires: Thu, 31 Mar 2022 00:38:09 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3799
date: Wed, 30 Mar 2022 23:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 31 Mar 2022 01:34:50 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26320
x-xss-protection: 0
pragma: public
x-fb-debug: uzfJl9lxvnSl57Y8TMcsct7/svU9MFmnOR51iAFqfBIFAAfISm7+vh4UFSSQQK6yHz4jRi1/mSASwupSN5y/jA==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Thu, 31 Mar 2022 00:38:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn4.mxpnl.com/libs/ 50 KB
18 KB 68ms
15ms Script
text/javascript 35.186.235.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.235.23 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.235.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:34:19 GMT
content-encoding: gzip
age: 230
x-guploader-uploadid: ADPycdtcsZ1AEMBlgpmSS__j1VNZVp9c506qQpRBepNe7eWsXE6ylWbAvz-imhl07jpOznjzROQcfbFgM4I9bc_jZgUi-6cg7w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17435
last-modified: Thu, 17 Feb 2022 20:21:50 GMT
server: UploadServer
etag: "caa762087e9d75cecc34b5d6626cb7b9"
vary: Accept-Encoding
x-goog-hash: crc32c=PPVzJA==, md5=yqdiCH6ddc7MNLXWYmy3uQ==
x-goog-generation: 1645129310876382
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=600
x-goog-stored-content-length: 17435
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 31 Mar 2022 00:44:19 GMT

GET
H2 200 hotjar-1133465.js Show response
static.hotjar.com/c/ 4 KB
2 KB 75ms
37ms Script
application/javascript 143.204.98.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1133465.js?sv=7

Requested by

Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-76.fra50.r.cloudfront.net

Software

Resource Hash

0bbb9ba9a8993f8c10104ab2239ca496b4d2c18a1eaf9be6f6cabe4bcc3dde6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA50-C1
etag: W/725d3e6b3dfd2aa5a09ea864f51f81d6
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
content-length: 1925
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
x-amz-cf-id: _BCCwv_lCl6p5fQhX104YiYMXbw0iRdZU04AYHGM0oPcdWdHZXQQ2Q==

GET
H2 200 dtag.js Show response
cdn.attn.tv/hero/ 0
376 B 10ms
9ms Script
text/javascript 2600:9000:2315:1400:1c:9484:cec0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.attn.tv/hero/dtag.js
Requested by: Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:1400:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: kGJjc2HxNgGNuk_7UqP1h9o.liqWLb8I
content-encoding
last-modified: Mon, 17 Dec 2018 20:59:49 GMT
server: AmazonS3
age: 26968
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Error from cloudfront
content-type: text/javascript
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
date: Wed, 30 Mar 2022 17:08:42 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 0
x-amz-cf-id: mVBTMUa7RGgCXMYj9E-x58wq0lmGRMZP3SGxvsvwuREcxn47wn4IUQ==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 128ms
48ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14883
x-xss-protection: 0
server: cafe
etag: 14534967036905587165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 00:38:09 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 117ms
117ms Script
application/javascript 2a02:26f0:3500:893::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "c4a0eea377c5e0da574e46f4d6e838e5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 29ms
6ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: dc832faf8ca21fb791b9abb9a3ba334ef3e31914317791dd53510b8a24d0621d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 14 Feb 2022 14:11:16 GMT
server: snooserv
etag: "9dd34b4324742bd3f713adf7f070d3b4"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7531

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 39ms
6ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100147-IAD, cache-hhn11530-HHN

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 50ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: ssapi.herocosmetics.us
URL: https://ssapi.herocosmetics.us/gtm.js?id=GTM-N73MWQN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BAFDBCEDF951479AB6AC62DD615FB157 Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 31 Mar 2022 00:38:09 GMT
accept-ranges: bytes
content-length: 11347

GET
H2 200 scevent.min.js Show response
sc-static.net/ 17 KB
7 KB 65ms
31ms Script
application/javascript 108.157.5.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.5.251 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-5-251.dus51.r.cloudfront.net
Software: CloudFront /
Resource Hash: f2f087eac841d5433c3c3fa9ea481b474ff8370b9d9eec1ace18f0300a76ffd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: DUS51-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 6336
via: 1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
x-amz-cf-id: wDCETo92Rhi5eZXXjGPX-XKZBCmORK51gYmLKNAn5cHsbb-QyifmYw==

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 3361
Redirect Chain

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D29750...
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D29750...

867 B
2 KB

124ms
124ms

Document
text/html

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t

Requested by

Host: www.herocosmetics.us
URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

87462430ad4d1e090f68f281736a99eb7266a384ba67d1bb701910bd21c3230a

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 867
Content-Type: text/html;charset=ISO-8859-1
Date: Thu, 31 Mar 2022 00:38:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: YZA9FQSKH1HSGYVSCA01

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Thu, 31 Mar 2022 00:38:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 5738RRPMGRJHJ3ESQ30X

GET
H2 200 config Show response
herocosmetics.zendesk.com/embeddable/ Frame B447 586 B
1 KB 186ms
142ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://herocosmetics.zendesk.com/embeddable/config

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8f71b033520445068a6ac2b3f303ff0b6423493a5ffca2d10f7163c90b29e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
x-envoy-decorator-operation: embeddable.embeddable.svc.cluster.local:80/*
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-5c68f859db-sfxrb
x-envoy-upstream-service-time: 3
zendesk-api-version: 2022-01-01
access-control-allow-methods: GET
content-encoding: br
vary: Origin, Accept-Encoding
x-cached: MISS
x-request-id: 6f4505430c775c26-IAD
x-runtime: 0.001087
last-modified: Wed, 30 Mar 2022 23:57:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dB8WJ5%2BP4HQ1g7bH2PgaaM6696KW5o0U7JTUD9x4d7APtGSBKpw1wgpR8JqAQYKEcJ9Z5wepMwl8iO%2FEn0WdhP%2FbCaQIU7FunPVyppow2ftAymBLX0D8k4L%2Fveb8KsDmp5RGyQKuABY9LIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray: 6f4505430c775c26-FRA

GET
H3 200 173724809895244 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 61ms
52ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/173724809895244?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3366ffadff1ba39ef2c74f08f47342e2a781f0952c8cf1aeb9e731dfe3bbed9f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: jPXU2DJcBDk2G8u23qrfJpsamNKvxeeLL26i+5HXvTN45sO9ZTNuhpsAQ7Y2hDargVYDFQfrAU3qxwLF875N+w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 31 Mar 2022 00:38:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 app.v1.0.362.js Show response
cdn-swell-assets.yotpo.com/ 1 MB
192 KB 303ms
248ms Script
text/plain 192.229.233.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-swell-assets.yotpo.com/app.v1.0.362.js
Requested by: Host: cdn-loyalty.yotpo.com
URL: https://cdn-loyalty.yotpo.com/loader/A19H8vTS9KoU0V2U-uthxg.js?shop=tbate.myshopify.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.223 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A8) /
Resource Hash: ccaa9fc98ba7153973c89263d4ab6ff949c201a412e7410c7367ddfdb8d0a841

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 07:26:37 GMT
server: ECS (frb/67A8)
x-amz-meta-s3cmd-attrs: uid:1000/gname:ubuntu/uname:ubuntu/gid:1000/mode:33188/mtime:1648020396/atime:1648020396/md5:52177ec1835a3b62cdda9bd550079d16/ctime:1648020396
age: 59414
etag: "52177ec1835a3b62cdda9bd550079d16+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/plain
x-amz-request-id: 158XNHYNW01JBEKB
content-length: 195961
x-amz-version-id: gw6HTulc93XmmOsvhQGZkxCIUp.PMBsM
x-amz-id-2: kC8AdY+mvlYhh2Dk51xClr0lOXiEDJG+3yBZwrvY8tLfR5QlTPiNGPPIzovAhGeqKn2sFrNsgzA=

GET
H/1.1 200
OK wdp.js Show response
mpsnare.iesnare.com/general5/ 44 KB
20 KB 322ms
196ms Script
text/javascript 54.195.39.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=false&fp_dyn=true&flash=false

Requested by

Host: staticw2.yotpo.com
URL: https://staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/widget.js?shop=tbate.myshopify.com

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.195.39.4 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-195-39-4.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9ee489ab6a989f0bc872d5c65653f1137642872db9fc7f6add0db7cc8a2a9ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:09 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H2 200 widget.css
staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/ 483 KB
44 KB 892ms
892ms Stylesheet
text/css 2a02:26f0:3500:889::1d72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/widget.css?widget_version=2022-01-23_10-47-18

Requested by

Host: staticw2.yotpo.com
URL: https://staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/widget.js?shop=tbate.myshopify.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:889::1d72 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a3ad7b5c1b5bc181b20b6bf15a40180d0d3a6697ee3bcab9867010841bf07048

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
env: PRODUCTION
status: 200 OK
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=501, origin; dur=381
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 26fde8703fd0755c86ec2936919bd41b
x-runtime: 0.275303
x-frame-options: SAMEORIGIN
etag: W/"f628f5ecff8b8bf1f652c7c85efeed9a"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10758
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H2 200 i
p.yotpo.com/ 35 B
280 B 71ms
21ms Image
image/gif 18.158.155.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.yotpo.com/i?e=pv&page=theSkimm%20%7C%20Hero%20Cosmetics&se_va=WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax&cx=eyJwdl91dWlkIjo3NTE3Njg5ODV9&dtm=1648687089106&tid=335582&vp=1600x1200&ds=1600x4472&vid=1&duid=5d4a1a64c0b087a3&p=web&tv=js-0.13.2&fp=735438618&aid=onsite_v2&lang=en-US&cs=UTF-8&tz=Etc%2FUTC&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&url=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.155.73 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-155-73.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
cache-control: max-age=86400, private
server: nginx
content-type: image/gif
content-length: 35
expires: Fri, 01 Apr 2022 00:38:09 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 400ms
383ms Image
image/gif 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1648687089130&id=t2_3jqrn4g1&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&uuid=d28d32f1-ebaf-4bf6-b18e-05ffb205b9eb&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_da535582
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
457 B 225ms
127ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2h0n&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ec5bcf23-bd94-4ba7-bfb3-d945ab328b3d&tw_document_href=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 116
date: Thu, 31 Mar 2022 00:38:08 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 29ec001ec0a3a19df0de8ac294f52ce053d4dc401528123c1bff32665c5dacdf
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 381ms
116ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2h0n&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ec5bcf23-bd94-4ba7-bfb3-d945ab328b3d&tw_document_href=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 110
date: Thu, 31 Mar 2022 00:38:08 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 36b2cc9221352e04b2371ec7d7ef2641c2a1b8464195a1924617a929fde7e4f2
content-length: 43

GET
H2 200 modules.7d3f952308caf42c2b67.js Show response
script.hotjar.com/ 236 KB
62 KB 68ms
13ms Script
application/javascript 143.204.98.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.7d3f952308caf42c2b67.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1133465.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-104.fra50.r.cloudfront.net

Software

Resource Hash

43b0a448dfabca1c64deab31c9b3b004d41bac8fafc0796a4f5675cea0dda5a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 09:02:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1784163
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63048
access-control-allow-origin: *
last-modified: Thu, 10 Mar 2022 09:01:33 GMT
etag: "2f5d47da7be4d107a04726029158797c"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 1zp5t8B60YETzyUAeo2CG5ZNAyyPuzJjqxE39fY9ZoNOgqAVhkEulA==

GET
H2 200 main.32155010.js Show response
s.pinimg.com/ct/lib/ 52 KB
18 KB 120ms
118ms Script
application/javascript 2a02:26f0:3500:893::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.32155010.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:893::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "fd86de14455274a7c147dc95b77e18e3"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18298
access-control-expose-headers: X-CDN

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 201ms
146ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2061136617&t=pageview&_s=1&dl=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&ul=en-us&de=UTF-8&dt=theSkimm%20%7C%20Hero%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=291608089&gjid=1384311410&cid=1818124570.1648687089&tid=UA-102753205-1&_gid=1669888098.1648687089&_r=1&gtm=2yg3n1N73MWQN&z=1538206389

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.herocosmetics.us
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 25084313.js Show response
bat.bing.com/p/action/ 874 B
873 B 175ms
175ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25084313.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

70f1512ffd71cd41d86b4d9518594c674f5e9e4e9296e52f63d605ca9ea43f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EEDE86E9D344CB78A8AB13280B48CA2 Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
date: Thu, 31 Mar 2022 00:38:09 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 688

GET
H2 204 0
bat.bing.com/action/ 0
175 B 57ms
57ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25084313&tm=gtm002&Ver=2&mid=0fe10ca8-b602-418b-9e4d-c8b65feba153&sid=d679a870b08a11ecb79f015cefdbd046&vid=d679d930b08a11ec8bd803791d78f91b&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=theSkimm%20%7C%20Hero%20Cosmetics&p=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&r=&lt=2223&evt=pageLoad&msclkid=N&sv=1&rn=650438

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8ED710CCAC2644C4B823FE4632E1BF99 Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
date: Thu, 31 Mar 2022 00:38:09 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 258ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=173724809895244&ev=PageView&dl=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&rl=&if=false&ts=1648687089209&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1648687089207.261350689&it=1648687089085&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 31 Mar 2022 00:38:09 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 173ms
146ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2061136617&t=timing&_s=2&dl=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&ul=en-us&de=UTF-8&dt=theSkimm%20%7C%20Hero%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2218&pdt=520&dns=0&rrt=1085&srt=18&tcp=0&dit=1795&clt=1889&_gst=2245&_gbt=2392&_cst=1545&_cbt=2214&_u=YEBAAEABAAAAAC~&jid=&gjid=&cid=1818124570.1648687089&tid=UA-102753205-1&_gid=1669888098.1648687089&gtm=2yg3n1N73MWQN&z=1404554274

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 21:33:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11091
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 46 B
313 B 139ms
76ms Fetch
application/json 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=0470dae7-028b-4609-a07a-65a3ee776aed

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

a2aef314df12ae580d00c62eefebf69a2b75933357aa9acfd3a47d2d20660573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
via: 1.1 google
server: nginx/1.19.6
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/775465074/ 2 KB
2 KB 206ms
50ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/775465074/?random=1648687089230&cv=9&fst=1648687089230&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2yg3n1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&tiba=theSkimm%20%7C%20Hero%20Cosmetics&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd25e4edec606ee114faedf90b719e5e3ffc4ae9762e840a68c04d7fc2c597b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1082
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-acca23410e696f2ca3087d947271c3d0.html Show response
vars.hotjar.com/ Frame 77B4 2 KB
1 KB 131ms
81ms Document
text/html 143.204.98.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1133465.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-102.fra50.r.cloudfront.net
Software: /
Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 4722363
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 04 Feb 2022 08:52:06 GMT
etag: "6f65fac4e8efe167ff5132c0c54c5729"
last-modified: Fri, 04 Feb 2022 08:51:39 GMT
vary: Accept-Encoding
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
x-amz-cf-id: k1aufhCSWdbDPtdyb8UdIh8HEO_baMzmSMl46UQAjJ1iDXjgOnbJWQ==
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 2D33 0
241 B 79ms
28ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=0470dae7-028b-4609-a07a-65a3ee776aed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 31 Mar 2022 00:38:09 GMT
server: nginx/1.19.6
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

POST
H2 200 p Show response
tr.snapchat.com/ Frame 9B59 0
206 B 59ms
33ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://www.herocosmetics.us
Referer: https://www.herocosmetics.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-transform
content-length: 0
content-type: text/html
date: Thu, 31 Mar 2022 00:38:09 GMT
server: nginx/1.19.6
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

GET
H2 200 web-widget-classic-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame B447 13 KB
4 KB 24ms
23ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

324f038c7f905eacb4d5159beedcd3a107da4405d0d39f6b40302ec249843ed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159685
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: C7FGGQ2Z7JYSNZVB
x-amz-id-2: m383ebalmdqP2hkf5KFr6O4TCctXHKOkX7i++vJXCcx844E9yyTv7eLYRn5/8vI86OCteSxSQd4=
last-modified: Mon, 28 Mar 2022 23:35:59 GMT
server: cloudflare
etag: W/"5107f8d8b4cf840798dd591e85654ae1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q8ir2zpatuHemK44tnoHxA6YGXdO4kou75FT3H596tr4bcoi8oMkfXaRBGSdBm0YC0VHIl3XVymmQR7Sewkl9H8sM%2FODhMBhTTK9EOSA8xMUr98skoQXqZF%2FiBxlQhnqcsa9Iq0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: euHCQsAASDXa8G4De9kjd_5.CVEtXR9I
cf-ray: 6f450543fb3f8fdd-FRA
expires: Tue, 28 Mar 2023 23:35:58 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 76ms
75ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-D939QWJC76&gtm=2oe3n1&_p=2061136617&sr=1600x1200&ul=en-us&cid=1818124570.1648687089&_s=1&dl=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&dt=theSkimm%20%7C%20Hero%20Cosmetics&sid=1648687089&sct=1&seg=0&en=page_view&_fv=1&_ss=1&up.visitor_type=guest
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D939QWJC76&l=dataLayer&cx=c&sign=7cf3f57079e19c840998482b4c4ab1548df46b7199bd4bcd1873ce01208317c8_20220331
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.herocosmetics.us
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-1561-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame B447 608 KB
184 KB 34ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-1561-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79b4c0a50f2546ddfd5d75770c57ed8531d132545c7f2923dd05748ad905e678

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159684
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 8V0KVPE03H7VDBNY
x-amz-id-2: 4AGZ4eYqRd5BGjIOD7ZE33ea5MoRjFeo7PBtN66e3rW0dskmLLjgcpAkG0xiAMrXRkSQOZOvhGI=
last-modified: Mon, 28 Mar 2022 23:36:54 GMT
server: cloudflare
etag: W/"f673eff127fb381f0d1274751e65fa21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DqMwsus1gqevS8xRB7y21vLUTEEaQ%2FXDpqa8hanIGva50j%2FGCs12ve%2BKMNgXv%2BMOOxtDVE1TOUZL9wMHM4TDJla59TDG23IxOpuvy5J5sB1IcC%2B6DMlZp1mDFmCCz5HWmZuGLE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: ZG_bTCr8yuenrQfNJTHD5N2Tu.2btQHq
cf-ray: 6f4505444b828fdd-FRA
expires: Tue, 28 Mar 2023 23:36:53 GMT

GET
H2 200 web-widget-4794-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame B447 463 KB
104 KB 29ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-4794-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

846897c71efff681d519f2e91e2817c3d92c0f0dcf761f0ac593c5190dcf991c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159684
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 8V0ZBRB0VDEDH1QX
x-amz-id-2: V6Cyj1xXdGZxMO9YTJXZBxBQms4PR72VG/QwnSApW65bxkpAEvHVRls8S17aYDyOAcoy6grBZ8M=
last-modified: Mon, 28 Mar 2022 23:36:53 GMT
server: cloudflare
etag: W/"1d06bb157cb43eb0021f14e3f0d2a0b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmRSGywJxstUrM4VRQ%2BEOW8dsOHzzcdE1HBmDU51B3ionsLKtKMu2MjpFMtIj71XGb%2B1wJ9sW9NGw8UZ%2Bcp01SIU%2FxI3vcE2kDuKn0Cmd70yHs0ABskouXBCbCfngtTjaIMfw6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: nQ_O.OrNfqYYVz7fgWrcSl.6jqV1LrkH
cf-ray: 6f4505444b848fdd-FRA
expires: Tue, 28 Mar 2023 23:36:52 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102753205-1&cid=1818124570.1648687089&jid=291608089&gjid=1384311410&_gid=1669888098.1648687089&_u=YEBAAEAAAAAAAC~&z=1802221392

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 31 Mar 2022 00:38:09 GMT
content-type: text/plain
access-control-allow-origin: https://www.herocosmetics.us
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
k.clarity.ms/s/0.6.34/ 53 KB
23 KB 328ms
99ms Script
application/javascript 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/25084313.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
etag: "1d83fcbec22f254"
last-modified: Thu, 24 Mar 2022 22:10:08 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 23150
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&RedC=c.clarity.ms&MXFR=00A30083664F6E510C3C11FB624F60B1
https://c.clarity.ms/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&MUID=13BDA66E9C8369CB3B22B7169D516890

42 B
369 B

26ms
26ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&MUID=13BDA66E9C8369CB3B22B7169D516890
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2CDA9A282A224C788AF5DAF7EF08EE1A Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=EFE1D30C12FB4B059F1FC1331A62EAE0&MUID=13BDA66E9C8369CB3B22B7169D516890
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 embeddable_blip Show response
herocosmetics.zendesk.com/ Frame B447 0
379 B 127ms
127ms XHR
text/plain 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://herocosmetics.zendesk.com/embeddable_blip?type=analytics&data=eyJhbmFseXRpY3MiOnsidmFsdWUiOnsicmF3Q2xpZW50TG9jYWxlIjoiZW4tVVMiLCJyYXdTZXJ2ZXJMb2NhbGUiOiJkZS1ERSIsImNsaWVudExvY2FsZSI6ImVuLXVzIiwic2VydmVyTG9jYWxlIjoiZGUtZGUiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAwLjAuNDg5Ni42MCBTYWZhcmkvNTM3LjM2IiwiaXNNb2JpbGUiOmZhbHNlfSwiYWN0aW9uIjoibG9jYWxlTWlzbWF0Y2giLCJjYXRlZ29yeSI6ImxvY2FsZSJ9LCJidWlkIjoiNzU1YmIxNmNkYTExNDM0NGI5N2JlNTI1NzgyY2UzNDgiLCJzdWlkIjoiNWFjYmY3YjRmMzIxNGMwNGEyNmFkOGRkNWZkYzk4ZmYiLCJ2ZXJzaW9uIjoiMTMzMDQ1MSIsInRpbWVzdGFtcCI6IjIwMjItMDMtMzFUMDA6Mzg6MDkuNDg3WiIsInVybCI6Imh0dHBzOi8vd3d3Lmhlcm9jb3NtZXRpY3MudXMvcGFnZXMvdGhlc2tpbW0%2FdXRtX3NvdXJjZT1wYXJ0bmVyc2hpcCZ1dG1fbWVkaXVtPW5ld3NsZXR0ZXItdGFrZW92ZXImdXRtX2NhbXBhaWduPTAzMzEtdGhlc2tpbW0ifQ%3D%3D

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 0
zendesk-api-version: 2022-01-01
content-length: 0
x-zendesk-zorg: yes
x-request-id: 864ab3170e4e4daf7a075901b4de31e2
last-modified: Thu, 31 Mar 2022 00:38:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aaKlh41967Xg8sRFax5Bzp9qZ9T%2Bpj%2FmjOcfUBBV0MzujvuvKp2%2FePFMtcq29CSgjKTYcBkkcXUv1b9HxGr0yH9IfFy79w1cFXpKInuLRKqeZd17KJKRIEWl2s%2FsonU2AUImO8LXcHNedC4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
accept-ranges: bytes
cf-ray: 6f4505455eb05c26-FRA

GET
H2 200 de-de-json-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/ Frame B447 28 KB
7 KB 25ms
24ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/de-de-json-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98753a47a585b364d46318037a18c5525261dd84fd2075c78ccd06650d660e7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159684
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 8V0WEW4ZD5P32YWH
x-amz-id-2: 70GvGyFZujh2isQ2sexjMtLw+XYChVTe84HsaZ1HHqTZfm2Bw9rwJv7aZ175/sBV9XJyMOQtA9g=
last-modified: Mon, 28 Mar 2022 23:36:05 GMT
server: cloudflare
etag: W/"92dd55bc0b79e58bbb059b550a8b2f0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5%2BcV2AZcaDmpjHfd4QALOZVw%2F8ak%2F4VS32iajC1HssICIndp7%2FK2raT4GC4WDxHIr5mtPz%2Bst4HggO2HR%2FPfNhzOm2J86eoZyBUWyDpuBYvjP%2BY62Ala%2BboMu6bIb3lEpizsgY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: ufORjTnBNlHN6NzfDU_uJLsGZQ0mSEad
cf-ray: 6f4505456c598fdd-FRA
expires: Tue, 28 Mar 2023 23:36:04 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 138ms
50ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102753205-1&cid=1818124570.1648687089&jid=291608089&_u=YEBAAEAAAAAAAC~&z=1251628518

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 135ms
48ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102753205-1&cid=1818124570.1648687089&jid=291608089&_u=YEBAAEAAAAAAAC~&z=1251628518

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/5.4.0/ 477 B
910 B 29ms
29ms Script
text/javascript 54.195.39.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/5.4.0/logo.js

Requested by

Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=false&fp_dyn=true&flash=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.195.39.4 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-195-39-4.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a2ec1281c1520917d1aa93957e348114e90c19eede19818fe26f562f63be5f82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 00:38:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 31 Mar 2023 00:38:09 GMT

GET
H/1.1 206
Partial Content time.mp3
mpsnare.iesnare.com/ 504 B
881 B 34ms
28ms Media
audio/mpeg 54.195.39.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/time.mp3?nocache=0.12329922179865704

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.195.39.4 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-195-39-4.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4934ac0d18e092eeb7ca6d7acbabfde67a4c3326ea02fa126bef32e9011fe7dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.herocosmetics.us/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=0-

Response headers

Pragma: public
Date: Thu, 31 Mar 2022 00:38:09 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: audio/mpeg
Content-Range: bytes 0-503/504
Content-Disposition: inline; filename=time.mp3
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 504
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 cart.js Show response
www.herocosmetics.us/ 283 B
1 KB 170ms
169ms XHR
text/javascript 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.herocosmetics.us/cart.js

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecff0934fecdd9ab3571faea9dfdcffaa50abff93982a0c2c3e4e56394d6ebf0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-europe-west1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 21814481
x-shardid: 41
x-storefront-renderer-rendered: 1
server: cloudflare
content-language: en-DE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=7889238
x-download-options: noopen
x-shopid: 21814481
x-request-id: 97f81b8d-debd-48b8-964a-6996bcce2bfa
vary: Accept-Encoding, Accept
content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
cf-ray: 6f450545d85b8ffa-FRA
x-sorting-hat-podid: 41
x-cartjs-updatedat: 1648687087

GET
H2 200 /
www.google.com/pagead/1p-user-list/775465074/ 42 B
154 B 101ms
75ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/775465074/?random=1648687089230&cv=9&fst=1648684800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2yg3n1&sendb=1&frm=0&url=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&tiba=theSkimm%20%7C%20Hero%20Cosmetics&async=1&fmt=3&is_vtc=1&random=1072607296&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/775465074/ 42 B
154 B 74ms
49ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/775465074/?random=1648687089230&cv=9&fst=1648684800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2yg3n1&sendb=1&frm=0&url=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&tiba=theSkimm%20%7C%20Hero%20Cosmetics&async=1&fmt=3&is_vtc=1&random=1072607296&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-chat-sdk-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame B447 203 KB
52 KB 26ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-sdk-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b653c2d9bfa024b3e71c8b41166b3eac093feb4941d94f05dca7a4ca4067265

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159684
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 8V0ZMNADJC9F5A1T
x-amz-id-2: IkOiJ8HV9u+KcyWuTjWlZJmK9N1qWijPwxlMAjSHH4hXbJdn0KyjVzJnIPlMQe9dbap7HEglRB8=
last-modified: Mon, 28 Mar 2022 23:36:51 GMT
server: cloudflare
etag: W/"2d1cc71339e58b46b688d27c4b7b8440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iM%2BiTtFNvmzhykkqI6c6%2BdsECwHAAvoYY3hkraPEj4FuoHjN5UvT47DNtzDnn9nGraHLi0k1D8v44rdh4DCg46YCasvoQ7s8XGxHvYOpwpbfezRFJIpxKv4wJ0Bjq5oDR1zmNqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: .r3F6xK8E8104G7eZCdCA2CV_ZDhza3t
cf-ray: 6f450545fcb28fdd-FRA
expires: Tue, 28 Mar 2023 23:36:50 GMT

GET
H2 200 embeddable_blip Show response
herocosmetics.zendesk.com/ Frame B447 0
289 B 148ms
146ms XHR
text/plain 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://herocosmetics.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInBhZ2VWaWV3Ijp7InJlZmVycmVyIjoiaHR0cHM6Ly93d3cuaGVyb2Nvc21ldGljcy51cy9wYWdlcy90aGVza2ltbT91dG1fc291cmNlPXBhcnRuZXJzaGlwJnV0bV9tZWRpdW09bmV3c2xldHRlci10YWtlb3ZlciZ1dG1fY2FtcGFpZ249MDMzMS10aGVza2ltbSIsInRpbWUiOjEyNywibG9hZFRpbWUiOjQzLjA5OTk5ODQ3NDEyMTA5NCwibmF2aWdhdG9yTGFuZ3VhZ2UiOiJlbi1VUyIsInBhZ2VUaXRsZSI6InRoZVNraW1tIHwgSGVybyBDb3NtZXRpY3MiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAwLjAuNDg5Ni42MCBTYWZhcmkvNTM3LjM2IiwiaXNNb2JpbGUiOmZhbHNlLCJpc1Jlc3BvbnNpdmUiOnRydWUsInZpZXdwb3J0TWV0YSI6IndpZHRoPWRldmljZS13aWR0aCxpbml0aWFsLXNjYWxlPTEiLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlfSwiYnVpZCI6Ijc1NWJiMTZjZGExMTQzNDRiOTdiZTUyNTc4MmNlMzQ4Iiwic3VpZCI6IjVhY2JmN2I0ZjMyMTRjMDRhMjZhZDhkZDVmZGM5OGZmIiwidmVyc2lvbiI6IjEzMzA0NTEiLCJ0aW1lc3RhbXAiOiIyMDIyLTAzLTMxVDAwOjM4OjA5LjYxNFoiLCJ1cmwiOiJodHRwczovL3d3dy5oZXJvY29zbWV0aWNzLnVzL3BhZ2VzL3RoZXNraW1tP3V0bV9zb3VyY2U9cGFydG5lcnNoaXAmdXRtX21lZGl1bT1uZXdzbGV0dGVyLXRha2VvdmVyJnV0bV9jYW1wYWlnbj0wMzMxLXRoZXNraW1tIn0%3D

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-b55648d86d169e264c05.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 0
zendesk-api-version: 2022-01-01
content-length: 0
x-zendesk-zorg: yes
x-request-id: fba0ee872d11ef3414a79f49b7790fbd
last-modified: Thu, 31 Mar 2022 00:38:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gdHiGKWOFx9X8a6u%2BImr7OyCLPwc5LRQh9Q8iBeVUNRm3v%2BQzqTw4mbhSVp4wxVUrROmE3R3mG41pFoUrXpAxQcGoH2PKLP6w98ojHgPCPSvXym6dPVO1VUqoP5Gdd1Y4opDq604fAbnrPQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
accept-ranges: bytes
cf-ray: 6f4505461f885c26-FRA

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
11 KB 33ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: bingshoppingtool-t2app-prod.trafficmanager.net
URL: https://bingshoppingtool-t2app-prod.trafficmanager.net/uet/tracking_script?shop=tbate.myshopify.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5674499C3923464AB7EE04D33030E7A3 Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 31 Mar 2022 00:38:09 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 200 25097093.js Show response
bat.bing.com/p/action/ 873 B
823 B 127ms
126ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25097093.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b97c2397c3894fce3131e91fda5edd6418baecb754c45febae4742e1cee16bd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D58F3E6252224537BAD3AE42904D1E0D Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
date: Thu, 31 Mar 2022 00:38:09 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 687

GET
H2 204 0
bat.bing.com/action/ 0
120 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25097093&Ver=2&mid=1bbea3c3-df40-4e35-96c9-6901ca360fd8&sid=d679a870b08a11ecb79f015cefdbd046&vid=d679d930b08a11ec8bd803791d78f91b&vids=0&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=theSkimm%20%7C%20Hero%20Cosmetics&p=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&r=&lt=2223&evt=pageLoad&msclkid=N&sv=1&rn=622466

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38B80EA7A1B84D89AC46A954B9EE43C2 Ref B: FRAEDGE1218 Ref C: 2022-03-31T00:38:09Z
date: Thu, 31 Mar 2022 00:38:09 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=173724809895244&ev=Microdata&dl=https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm&rl=&if=false&ts=1648687089723&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22theSkimm%20%7C%20Hero%20Cosmetics%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Hero%20Cosmetics%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.herocosmetics.us%2Fpages%2Ftheskimm%22%2C%22og%3Atitle%22%3A%22theSkimm%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Adescription%22%3A%22Everyone%20deserves%20to%20feel%20amazing%20in%20their%20skin.%20That%E2%80%99s%20why%20we%20make%20customizable%20acne%20toolkits%20to%20handle%20any%20pimple%20challenge.%20Seriously%20effective%20solutions%20with%20powerfully%20clean%20ingredients%20for%20all%20ages%20%26%20skin%20types%20%E2%80%94%20from%20our%20cult-fave%20hydrocolloid%20Mighty%20Patch%20to%20Rescue%20Balm%2C%20Micropoint%20for%20Dark%20Spots%2C%20and%20beyond!%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1648687089207.261350689&it=1648687089085&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 31 Mar 2022 00:38:09 GMT

GET
H3 200 loggedincustomer Show response
www.herocosmetics.us/apps/ 2 B
1 KB 652ms
651ms XHR
application/json 23.227.38.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.herocosmetics.us/apps/loggedincustomer

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-dc: gcp-europe-west1,gcp-europe-west1,gcp-us-east1,gcp-us-east1
x-shopify-stage: production
content-type: application/json; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-sorting-hat-shopid: 21814481
x-shardid: 41
x-storefront-renderer-rendered: 1
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=7889238
x-download-options: noopen
content-language: en-DE
x-request-id: 39f2da46-716c-4c14-9327-26c2ee46c802
vary: Accept-Encoding, Accept
x-shopid: 21814481
content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
cf-ray: 6f450546e8ff8ffa-FRA
link: <https://cdn.shopify.com>; rel=preconnect, <https://cdn.shopify.com>; rel=preconnect; crossorigin
x-sorting-hat-podid: 41

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame FEC6 5 KB
6 KB 105ms
104ms Document
text/html 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

0f73c31dfba7cd6d783614a5796eb208194f19166df5212467d48b6685e692bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3Dbf37e420-750d-8729-b56b-21681afccb08%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.herocosmetics.us/&ex-hargs=v%3D1.0%3Bc%3D2975003540301%3Bp%3DBF37E420-750D-8729-B56B-21681AFCCB08&cb=493709956312783170&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 5548
Content-Type: text/html;charset=ISO-8859-1
Date: Thu, 31 Mar 2022 00:38:09 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid: 0XXF82PMYDG5J77F9JXR

GET
H2 200 c.gif
c.clarity.ms/ 42 B
81 B 27ms
26ms Image
image/gif 52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/25097093.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H2 200 web-widget-chat-incoming-message-notification-1330451.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame B447 208 B
836 B 24ms
23ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-1330451.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-1330451.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159683
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: AKFF2YVGDP2W346J
x-amz-id-2: tS2NzMRdVSNY4VPbmisK4pRh3Rk0xVTwrwMuC753ltV4gdHzkRN4AWFqncZkS57kBRYTk6lkpzk=
last-modified: Mon, 28 Mar 2022 23:36:53 GMT
server: cloudflare
etag: W/"659635f5ad1b6653645380f46aa42236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9FfuS3AdtxQT0%2FT0R2oigohjmU%2FbOuleezqRCt0BUsrkz1Y2CjY21maZODKu%2FZttXcchxUVsatakdbuiUopy1OGorc0dwPmSsnbiaiq%2BJ2sPr5KZw96c0JRc5FumdtBFzJy%2FheU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: Nhnd4MSKTnka6x.s.RRPH7jTd5XZEICr
cf-ray: 6f450547fe128fdd-FRA
expires: Tue, 28 Mar 2023 23:36:52 GMT

POST
H2 204 collect Show response
k.clarity.ms/ 0
73 B 97ms
97ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://www.herocosmetics.us
date: Thu, 31 Mar 2022 00:38:09 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212284268
https://s.amazon-adsystem.com/ecm3?id=164990604107000003875&ex=neustar.biz

43 B
556 B

128ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=164990604107000003875&ex=neustar.biz

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: J9CS8R3GGKY78VVQS3X3
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:09 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://s.amazon-adsystem.com/ecm3?id=164990604107000003875&ex=neustar.biz
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=W_vEmG1GTcymV2cEPsmFrw&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=W_vEmG1GTcymV2cEPsmFrw&C=1
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YkT38cExnBSrHk2zgrn14AAA

43 B
556 B

205ms
104ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YkT38cExnBSrHk2zgrn14AAA

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GHYD12KTGMP3RFFPW2Y7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YkT38cExnBSrHk2zgrn14AAA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 262
Expires: Thu, 31 Mar 2022 00:38:10 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=9e54b172cb520c637360b378db13ad4c

43 B
556 B

168ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=9e54b172cb520c637360b378db13ad4c

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: ZT2J0XK8QKGFNHDGN16R
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=9e54b172cb520c637360b378db13ad4c
Date: Thu, 31 Mar 2022 00:38:10 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

43 B
556 B

123ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1TB8WJ5PYSZY5A9ME37C
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
Date: Thu, 31 Mar 2022 00:38:10 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=9HSSs0voQ8uM9HQsDFRdAQ
https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=9HSSs0voQ8uM9HQsDFRdAQ&verify=true
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=9HSSs0voQ8uM9HQsDFRdAQ

43 B
556 B

304ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=9HSSs0voQ8uM9HQsDFRdAQ

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8DACQCQKARB6704CFMYH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=9HSSs0voQ8uM9HQsDFRdAQ
date: Thu, 31 Mar 2022 00:38:10 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UPd6f1f843-b08a-11ec-a38f-0214991a90ae
https://s.amazon-adsystem.com/ecm3?id=c667fe67a803bd9ef3ab228a425e7eec84c61a8c&ex=aoldisplay.com

43 B
556 B

279ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=c667fe67a803bd9ef3ab228a425e7eec84c61a8c&ex=aoldisplay.com

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8BFQ7S9BXVTG92DXD85B
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?id=c667fe67a803bd9ef3ab228a425e7eec84c61a8c&ex=aoldisplay.com
date: Thu, 31 Mar 2022 00:38:10 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a505c512-63f1-4c24-a1e5-e627c5d5c8cf

43 B
556 B

106ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a505c512-63f1-4c24-a1e5-e627c5d5c8cf

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: MJ39JW7W4HB3RJKA94GH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

access-control-allow-origin: *
Date: Thu, 31 Mar 2022 00:38:10 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0
Location: https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a505c512-63f1-4c24-a1e5-e627c5d5c8cf

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/latest/classic/ Frame B447 19 KB
20 KB 22ms
22ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/fda6cd35495c75f83508d9d2e77ee33d.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 31 Mar 2022 00:38:09 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2071906
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
x-amz-request-id: FD21HJZ0SC318A3S
x-amz-id-2: NQ1kBPF/UnTK9AZpySdebkLqqzWunMXOCHCwfF6x248iyyA6nQiOomSbhY3BCO6CmxZZCxtHk8M=
last-modified: Sat, 05 Mar 2022 21:30:07 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wW7eV9WFSW8VwUzB7vnoR4YKU8SIHyhQpYz9P7EcDKAUps%2BcjfFniIB1mhnwmlWw87pcZrmwU7u3JNa4E3AKWG1qtUPdPtQ%2BvCfpdu74AvSg0dSXCG1HBxEzcY7p9cQZ0i4da9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: rEiIcwVoP6Gqhntax3yVPyGX.ebLEQ6h
Content-Length: 19698
cf-ray: 6f4505482e338fdd-FRA
expires: Sun, 05 Mar 2023 21:30:06 GMT

GET
H2 200 sync
amazon.partners.tremorhub.com/ Frame FEC6 43 B
183 B 330ms
100ms Image
image/gif 2600:1f18:612b:4200:fed4:35ed:3821:843c
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazon.partners.tremorhub.com/sync?UIAM&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dtelaria.com%26id%3D%5BPARTNER_ID%5D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:fed4:35ed:3821:843c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 cms
cms.analytics.yahoo.com/ Frame FEC6 0
123 B 114ms
36ms Image
text/html 212.82.100.182
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.analytics.yahoo.com/cms?partner_id=AMAZON&ex=gemini

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.182 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spcms.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
via: http/1.1 spdc0101.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://mwzeom.zeotap.com/mw?zpartnerid=1353&zurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%7BZCOOKIE%7D
https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=f6e0b0a4-c290-435f-5150-6b11cf384239

43 B
556 B

204ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=f6e0b0a4-c290-435f-5150-6b11cf384239

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N5FXX7DKRQ84WFTVWGWX
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Thu, 31 Mar 2022 00:38:10 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=f6e0b0a4-c290-435f-5150-6b11cf384239
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6f4505491b63925b-FRA
access-control-allow-headers: *

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=2545
https://s.amazon-adsystem.com/ecm3?id=de71ba2d8d47be46df738663464fd62b&ex=freewheel.tv&gdpr=0&gdpr_consent=

43 B
556 B

106ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=de71ba2d8d47be46df738663464fd62b&ex=freewheel.tv&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4JC4QE00VT4W164QJECS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=de71ba2d8d47be46df738663464fd62b&ex=freewheel.tv&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1648687090189005-546
Expires: Thu, 31 Mar 2022 00:38:10 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

43 B
556 B

118ms
104ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: F1H1BTE98RKHW2RBRN7W
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Thu, 31 Mar 2022 00:38:10 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
content-security-policy-report-only: default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=:rid=F9VAC34VKHATEBT3E7EN:sn=www.imdb.com
x-cache: Miss from cloudfront
vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
content-length: 0
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
server: Server
x-amz-rid: F9VAC34VKHATEBT3E7EN
strict-transport-security: max-age=31536000; includeSubDomains
location: https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
permissions-policy: interest-cohort=()
x-robots-tag: noindex, nofollow
x-amz-cf-id: -OnaWA8hKyg51Sbw8ubRCjivMIkTcGZ0GIIcXYWdeBg--LEXaNlzfQ==

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame FEC6 0
338 B 113ms
29ms Image
text/plain 79.125.14.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=amzn&partner_uid=QXAm7cgmSL-bOZm8VClrsQ&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dkrux.com%26id%3D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 79.125.14.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-14-53.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
cache-control: private, no-cache, no-store
x-request-time: D=57 t=1648687090
x-served-by: beacon-n012-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK pixel.gif
usersync.samplicio.us/amazon/ Frame FEC6 0
263 B 411ms
100ms Image
text/plain 18.215.127.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.samplicio.us/amazon/pixel.gif?https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.127.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-127-208.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Server: nginx/1.20.0
Location: https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f2493c1f049c6002

43 B
556 B

106ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f2493c1f049c6002

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: V85X4B6J26BV9H0RYHJR
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f2493c1f049c6002
date: Thu, 31 Mar 2022 00:38:10 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type, Authorization
content-length: 93
access-control-allow-methods: HEAD,OPTIONS,GET
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=LcW0gP2rRJef7Jucrv0mYQ&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=LcW0gP2rRJef7Jucrv0mYQ

43 B
556 B

106ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=LcW0gP2rRJef7Jucrv0mYQ

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7JD7JT4ZGSGCFNR8RJ4K
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=LcW0gP2rRJef7Jucrv0mYQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=NzhI7h3KQiC0UcQFd2bWVg&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=139200&dpuuid=NzhI7h3KQiC0UcQFd2bWVg&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=52064747112953455062459007380188991176

43 B
556 B

105ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=52064747112953455062459007380188991176

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: W9EK30M8YZYWWA2RJ942
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-irl1-2-v030-035a33309.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 2HK/up6jRSA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=52064747112953455062459007380188991176
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=PloN6YSJTTKInla9qxt_DA
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10812368650802890455&gdpr=&gdpr_consent=

43 B
556 B

105ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10812368650802890455&gdpr=&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HAY9YAJMGXKE9FBNCAK9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10812368650802890455&gdpr=&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET z
px.surveywall-api.survata.com/ Frame FEC6 0
0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=436864407133840478

43 B
556 B

107ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=436864407133840478

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: RQY8NKJ8NP7TX87RMF8P
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
server: nginx
location: https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=436864407133840478
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=d74d52df-b08a-11ec-8440-1974e5cf0106
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=d74d5298-b08a-11ec-8440-1974e5cf0106

43 B
556 B

106ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=d74d5298-b08a-11ec-8440-1974e5cf0106

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 3HEP4SJWQ9N5YSXCQJA3
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Thu, 31 Mar 2022 00:38:10 GMT
Server: nginx
Location: https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=d74d5298-b08a-11ec-8440-1974e5cf0106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 103
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%22ca381b52-ff8c-475b-a7fe-9b5965da653d%22,%22Time%22:%2220220331T003810.620317%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%]
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=ca381b52-ff8c-475b-a7fe-9b5965da653d

43 B
556 B

105ms
104ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=ca381b52-ff8c-475b-a7fe-9b5965da653d

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: C89T3NR0QZFW18Q241SY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=ca381b52-ff8c-475b-a7fe-9b5965da653d
Server: LogModule 0.4
Content-Length: 204
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEO_GOFHF8yRX9ofTrJBXvCM&google_cver=1

43 B
556 B

105ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEO_GOFHF8yRX9ofTrJBXvCM&google_cver=1

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 6Y4GNZENK8PBHBJCVGE5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEO_GOFHF8yRX9ofTrJBXvCM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=amzn
https://s.amazon-adsystem.com/ecm3?ex=krux.com&id=Ov9sW-lV

43 B
556 B

121ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=krux.com&id=Ov9sW-lV

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1QMQGV0WSTBZMMMSNTCJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: //s.amazon-adsystem.com/ecm3?ex=krux.com&id=Ov9sW-lV
date: Thu, 31 Mar 2022 00:38:10 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a001-ash-prod.krxd.net

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=b7742671dc18d74e4f568382183d7137

43 B
556 B

107ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=b7742671dc18d74e4f568382183d7137

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: A96QNFV9WRWA2NRRWQ61
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Thu, 31 Mar 2022 00:38:10 GMT
via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=b7742671dc18d74e4f568382183d7137
content-length: 108
x-amz-cf-id: N_VwwM2TLLgyXU-owxXLZgrGTOWwGVxpaz1r0rPLVcdNN4v8RsZFbA==

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame FEC6 43 B
305 B 71ms
26ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__
https://s.amazon-adsystem.com/ecm3?ex=index&id=KxbAwZEF1mzbTA6H-9yb1Tc4dMQ4ZgIC

43 B
556 B

106ms
105ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index&id=KxbAwZEF1mzbTA6H-9yb1Tc4dMQ4ZgIC

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VVMFBC0P655HMD1CXVHW
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://s.amazon-adsystem.com/ecm3?ex=index&id=KxbAwZEF1mzbTA6H-9yb1Tc4dMQ4ZgIC
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 267
Expires: Thu, 31 Mar 2022 00:38:10 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=466D2E0FEBC279C6

43 B
556 B

127ms
109ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=semasio&id=466D2E0FEBC279C6

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HVGG9BQ603148YP1EMAH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
frontend-id: 4
location: https://s.amazon-adsystem.com/ecm3?ex=semasio&id=466D2E0FEBC279C6
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
https://s.amazon-adsystem.com/ecm3?id=5797196673162993913&ex=appnexus.com

43 B
556 B

107ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=5797196673162993913&ex=appnexus.com

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8NASZGD92W75G7W2M9MZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 51454cbb-ecf5-4289-95f8-a51a3d94c24f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.amazon-adsystem.com/ecm3?id=5797196673162993913&ex=appnexus.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzgmdGw9MTI5NjAw&piggybackCookie=_fpD-nKIQFCfO5PUZSTdhw&rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DpubmaticHMT%26id%...
https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=_fpD-nKIQFCfO5PUZSTdhw

43 B
556 B

107ms
106ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=_fpD-nKIQFCfO5PUZSTdhw

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:11 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: K78JXF3EH1GMFPY0MVS4
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=_fpD-nKIQFCfO5PUZSTdhw
date: Wed, 30 Mar 2022 18:45:32 GMT
cache-control: no-store, no-cache, private
x-lat: amspug0023:0:306
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://token.rubiconproject.com/token?pid=2179&pt=n
https://s.amazon-adsystem.com/ecm3?id=4kh3lxYAmykurrKJ6Q8JNsWWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

43 B
556 B

107ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=4kh3lxYAmykurrKJ6Q8JNsWWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 0812QCAE28JN2GDV4XWY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?id=4kh3lxYAmykurrKJ6Q8JNsWWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=bNjF4LnqRpCZs-aqXJQLAw&
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

43 B
556 B

103ms
103ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2FSK2WN5WY62ETQGMQTG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=googleHMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 /
loadus.exelator.com/load/ Frame FEC6 0
324 B 126ms
27ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadus.exelator.com/load/?p=204&g=8888&j=0
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=QXAm7cgmSL-bOZm8VClrsQ&ex-pl-n-g-hmt=bNjF4LnqRpCZs-aqXJQLAw&ep=mfS4I4Lxm4iN8M-0MyueFSsMdzkAYrevRgrwm8O7g8cqE3e2qIjNAeivNcQQx-ek81eEVb6gBICnCYl1FimiP6VV1Oyc-W6G9hishdzOEbAZnVao34mFd141nMkz979dx3Cjgi4Xd2gKwzwjx-FMwgznBApucjWFPZOfup0abSA98UfYhi4olG0dnz0abafHiW4BOOP6LzD7oz5-KKxC63_71RAb1pvnyhu_C_OfvibY1r-I6I_pfSqvTZyTcs4rgHTXHyDVj2mnDleGGt3oWIbRA4Vlvo92oKDN1-A4pJE14HwFJra_VUln2cTZOa9FqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DF3F744621507A5830217EF0F

43 B
556 B

107ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DF3F744621507A5830217EF0F

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:11 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: QXG4T7N4CZDNFDKV75KP
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Thu, 31 Mar 2022 00:38:11 GMT
Server: openresty/1.15.8.2
P3P: CP="This is not a P3P policy! See http://www.ninthdecimal.com/privacy-policy-terms-of-service for more info."
Location: https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DF3F744621507A5830217EF0F
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html
Content-Length: 151
Expires: Thu, 31 Mar 2022 00:38:10 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=eda0a5f4d707bd082ed0503baa29eb8ccb26f54fb728496b7064187730b5ef8c

43 B
556 B

104ms
104ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=eda0a5f4d707bd082ed0503baa29eb8ccb26f54fb728496b7064187730b5ef8c

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KJYEHM731GRVKHF73F94
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Mar 2022 00:38:10 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=eda0a5f4d707bd082ed0503baa29eb8ccb26f54fb728496b7064187730b5ef8c
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 0
retry-after: 0
expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1
https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=43C48F2B-B73E-45DC-8C6D-7F17FA80C4FA

43 B
556 B

114ms
114ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=43C48F2B-B73E-45DC-8C6D-7F17FA80C4FA

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:11 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 16380T70DWVGJW96QSQA
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=43C48F2B-B73E-45DC-8C6D-7F17FA80C4FA
date: Thu, 31 Mar 2022 00:38:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame FEC6
Redirect Chain

https://sync.taboola.com/sg/amazon-a9-network/1/rtb
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e44b11b8-6f29-4a3f-a0e7-7ace0b9023d0-tuct93e7d72

43 B
556 B

107ms
107ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e44b11b8-6f29-4a3f-a0e7-7ace0b9023d0-tuct93e7d72

Requested by

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Mar 2022 00:38:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GB5057V2D4J27ZY64HKS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e44b11b8-6f29-4a3f-a0e7-7ace0b9023d0-tuct93e7d72
date: Thu, 31 Mar 2022 00:38:10 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13721

GET
H2 200 2021-Hero-LW-PDP-Component.png
cld.accentuate.io/39284083490858/1621368541907/ 3 KB
4 KB 77ms
29ms Image
image/png 2606:4700:20::681a:54f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cld.accentuate.io/39284083490858/1621368541907/2021-Hero-LW-PDP-Component.png?v=1633706308319&options=w_200,h_200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:54f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

220e831d6da4f719109fb1056b6a2503ff1caa1a3a2d75f108fc2a6a039130e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2452879
cf-ray: 6f4505496b49916b-FRA
server-timing: fastly;dur=0;start=2022-03-02T15:16:51.686Z;desc=hit,rtt;dur=87
vary: Accept-Encoding
content-length: 2838
last-modified: Fri, 08 Oct 2021 15:21:43 GMT
server: cloudflare
etag: "32cbdc511c4c0d3282b94eef14202cf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwnfddUYaHn%2BoywiaGzwL4iC%2Fl45f0MSGvpQ1BxvzqMaBuGRNqFGlnUPe%2F3XFuXguCmqFOusona%2BOzMX9mFR01b%2FQPBgaOBrHXokPdQhbfSDkik1xwzJbUJbLfIrKJKcwd0C3NdQPiwK4UH3X%2BzH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, max-age=31557600, no-transform, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 136ms
49ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: staticw2.yotpo.com
URL: https://staticw2.yotpo.com/WXIgH9Bt6STxUW0x3woaABNlpYTzZ4gpEhRmW1ax/widget.css?widget_version=2022-01-23_10-47-18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d402b35e6e0d996cc57dfb1f40a87b672f1eb4dfe0744da6d9c40b0d26592815

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://staticw2.yotpo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 23:05:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 31 Mar 2022 00:38:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 31 Mar 2022 00:38:10 GMT

POST
H3 200 produce
monorail-edge.shopifysvc.com/v1/ 0
861 B 161ms
130ms Ping
text/plain 104.16.255.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://monorail-edge.shopifysvc.com/v1/produce

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.255.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
access-control-allow-methods: OPTIONS,POST
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc: gcp-us-east1,us-east1
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-request-id: a607057a-c5d2-48d2-913e-7d44d1af91f4
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRPoYU%2B%2BlyhKi1EvhpsO7WndqNX6XC%2BxzgAMcwkqsx1IENQGyzUDQvxHZxgDfxfrIKl2aLwHCMLliDuPJ4eHorxdn4fgopKDPsEBrjTHT9A%2FzNv3WKwE1WJbMp2MHxyQn4W5ZBJ8h6RY8ky%2F590%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://www.herocosmetics.us
access-control-allow-credentials: true
cf-ray: 6f45054acb4a9bec-FRA
access-control-allow-headers: User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For

GET
H2 200 bootstrap.min.css
cdn-swell-assets.yotpo.com/ Frame E7F7 128 KB
17 KB 7ms
7ms Stylesheet
text/css 192.229.233.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-swell-assets.yotpo.com/bootstrap.min.css
Requested by: Host: cdn-swell-assets.yotpo.com
URL: https://cdn-swell-assets.yotpo.com/app.v1.0.362.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.223 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: d85fdb38867dbfd85d49d3711045f03ba72cccfc3217003f911b34d18a05d580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
content-encoding: gzip
last-modified: Sat, 03 Nov 2018 07:07:15 GMT
server: ECS (frb/67BC)
age: 24102615
etag: "ac7e8e8ff20e7d843326d71a28ecb087+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=315360000
x-amz-request-id: 79MJEZWPXMC7A7RR
content-length: 16944
x-amz-version-id: null
x-amz-id-2: e2iSR1D67Sfe+Eugix0aGXPrBmYbBfYSc5EmsV3wpzUzNfYn9qDJFLibjIVM5uq7CFEeENp3QYU=

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame E7F7 30 KB
7 KB 54ms
23ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: cdn-swell-assets.yotpo.com
URL: https://cdn-swell-assets.yotpo.com/app.v1.0.362.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 00:38:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
age: 5912763
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 8b677d48aa464c28c0815c97adbbe174
cf-ray: 6f45054b49cb6921-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 5 KB
665 B 96ms
50ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans:400,bold,normal

Requested by

Host: cdn-swell-assets.yotpo.com
URL: https://cdn-swell-assets.yotpo.com/app.v1.0.362.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa3bcc93d1be83ac7d82cd6182d25741cdef5d016e40436266df12a50abbebc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.herocosmetics.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 00:38:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 31 Mar 2022 00:38:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 31 Mar 2022 00:38:10 GMT

POST
H2 204 collect Show response
k.clarity.ms/ 0
48 B 290ms
289ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://www.herocosmetics.us
date: Thu, 31 Mar 2022 00:38:10 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H3 200 css
fonts.googleapis.com/ Frame E7F7 5 KB
665 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans:400,bold,normal

Requested by

Host: cdn-swell-assets.yotpo.com
URL: https://cdn-swell-assets.yotpo.com/app.v1.0.362.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa3bcc93d1be83ac7d82cd6182d25741cdef5d016e40436266df12a50abbebc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 00:38:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 31 Mar 2022 00:38:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 31 Mar 2022 00:38:10 GMT

POST
H2 204 collect Show response
k.clarity.ms/ 0
48 B 108ms
108ms XHR
text/plain 20.96.88.162
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.96.88.162 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://www.herocosmetics.us
date: Thu, 31 Mar 2022 00:38:12 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

POST
H2 200 / Show response
api-js.mixpanel.com/track/ 25 B
374 B 114ms
40ms XHR
application/json 35.186.241.51

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1648687094140

Requested by

Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.241.51 -, , ASN (),

Reverse DNS

Software

envoy /

Resource Hash

e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://www.herocosmetics.us/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Thu, 31 Mar 2022 00:38:14 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.herocosmetics.us
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 19
alt-svc: clear
content-length: 25

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: geoip-db.com
URL: https://geoip-db.com/jsonp?callback=callback&_=1648687088558

Domain: px.surveywall-api.survata.com
URL: https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D

Verdicts & Comments Add Verdict or Comment

235 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

101 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 01:59:33	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
.theskimm.com/	1970-01-20 10:44:04	Name: sailthru_hid Value: 2ecf19175c7e0280f61d2238e93039175f6a2b76e5684b7151211d5d9fe55c193ab79553e5e72ec6aabc514d
.theskimm.com/	1970-01-20 01:58:17	Name: sailthru_bid Value: 27196228.2339958
.skimmth.is/	1970-01-20 06:17:19	Name: _bit Value: m2v0C7-67314d158bdc556b0a-00M
www.herocosmetics.us/	1970-01-20 02:18:16	Name: localization Value: DE
www.herocosmetics.us/	1970-01-20 02:18:16	Name: cart_currency Value: USD
www.herocosmetics.us/	1970-01-20 02:18:16	Name: cart Value: 9549d3131224ab7aea65fc36502d68cc
www.herocosmetics.us/	1970-01-20 02:18:16	Name: cart_ts Value: 1648687087
www.herocosmetics.us/	1969-12-31 23:59:59	Name: discount_code Value: MARSKIMM
www.herocosmetics.us/	1970-01-20 02:18:16	Name: cart_sig Value: 222fb77513ec1f33f0bf70c5663c1218
www.herocosmetics.us/	1970-01-20 10:43:43	Name: secure_customer_sig Value:
www.herocosmetics.us/	1970-01-20 02:18:16	Name: cart_ver Value: gcp-us-east1%3A2
.herocosmetics.us/	1970-01-20 10:43:43	Name: _y Value: 3db0b24f-f9cb-4ef0-b1fe-ba7d21b019ef
.herocosmetics.us/	1970-01-20 01:58:08	Name: _s Value: 4fe511ff-927b-4af0-aa7d-9b8333045033
.herocosmetics.us/	1970-01-20 10:43:43	Name: _shopify_y Value: 3db0b24f-f9cb-4ef0-b1fe-ba7d21b019ef
.herocosmetics.us/	1970-01-20 01:58:08	Name: _shopify_s Value: 4fe511ff-927b-4af0-aa7d-9b8333045033
.herocosmetics.us/	1970-01-20 02:18:16	Name: _orig_referrer Value:
.herocosmetics.us/	1970-01-20 02:18:16	Name: _landing_page Value: %2Fpages%2Ftheskimm%3Futm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm
.herocosmetics.us/	1970-01-20 01:58:08	Name: _shopify_sa_t Value: 2022-03-31T00%3A38%3A08.421Z
.herocosmetics.us/	1970-01-20 01:58:08	Name: _shopify_sa_p Value: utm_source%3Dpartnership%26utm_medium%3Dnewsletter-takeover%26utm_campaign%3D0331-theskimm
www.herocosmetics.us/	1970-01-20 02:41:19	Name: aw_source Value: partnership
www.herocosmetics.us/	1970-01-20 19:29:19	Name: __kla_id Value: eyIkcmVmZXJyZXIiOnsidHMiOjE2NDg2ODcwODksInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3Lmhlcm9jb3NtZXRpY3MudXMvcGFnZXMvdGhlc2tpbW0/dXRtX3NvdXJjZT1wYXJ0bmVyc2hpcCZ1dG1fbWVkaXVtPW5ld3NsZXR0ZXItdGFrZW92ZXImdXRtX2NhbXBhaWduPTAzMzEtdGhlc2tpbW0ifSwiJGxhc3RfcmVmZXJyZXIiOnsidHMiOjE2NDg2ODcwODksInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3Lmhlcm9jb3NtZXRpY3MudXMvcGFnZXMvdGhlc2tpbW0/dXRtX3NvdXJjZT1wYXJ0bmVyc2hpcCZ1dG1fbWVkaXVtPW5ld3NsZXR0ZXItdGFrZW92ZXImdXRtX2NhbXBhaWduPTAzMzEtdGhlc2tpbW0ifX0=
www.herocosmetics.us/	1970-01-20 01:58:10	Name: shopify_pay_redirect Value: pending
.herocosmetics.us/	1970-01-20 10:43:43	Name: _pin_unauth Value: dWlkPU4yRmpNR0psWldFdE1USTBaUzAwTURJeExUaGxNV010TW1VMU9ERmtPRE00WldJeQ
.ct.pinterest.com/	1970-01-20 10:43:43	Name: _pinterest_ct_ua Value: "TWc9PSZsSERWWGY2TTVOM0NCRGcvKzErd2tvTW9NSldVQWg4OTJTQ2VMOFVkK2JTa0VZekZBVmJoYTloT1ZHMXRNelBtb01wdE5RNDBHb2I0Y0tDeHJmUGhmemZldXArL0Y0bVNZVW9rTTVBWW5Idz0ma3pCdXVxMjZSNVViZ1RBVHNTYjFBWEowU3BvPQ=="
.herocosmetics.us/	1970-01-20 04:07:43	Name: _gcl_au Value: 1.1.1627649.1648687089
www.herocosmetics.us/	1970-01-20 19:29:19	Name: _sp_id.4add Value: 5d4a1a64c0b087a3.1648687089.1.1648687089.1648687089
www.herocosmetics.us/	1970-01-20 01:58:08	Name: _sp_ses.4add Value: *
.herocosmetics.us/	1970-01-20 04:07:43	Name: _rdt_uuid Value: 1648687089130.d28d32f1-ebaf-4bf6-b18e-05ffb205b9eb
.bing.com/	1970-01-20 11:19:43	Name: MUID Value: 13BDA66E9C8369CB3B22B7169D516890
.herocosmetics.us/	1970-01-20 10:43:43	Name: mp_96dd5e317dbb929c96626f744cffd5ec_mixpanel Value: %7B%22distinct_id%22%3A%20%2217fdd6885fa19a-01492adabf63a4-1f343371-1d4c00-17fdd6885fbcd9%22%2C%22%24device_id%22%3A%20%2217fdd6885fa19a-01492adabf63a4-1f343371-1d4c00-17fdd6885fbcd9%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%22%24os%22%3A%20%22Windows%22%2C%22%24browser%22%3A%20%22Chrome%22%2C%22%24browser_version%22%3A%20100%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22utm_source%20%5Blast%20touch%5D%22%3A%20%22partnership%22%2C%22utm_medium%20%5Blast%20touch%5D%22%3A%20%22newsletter%20takeover%22%2C%22utm_campaign%20%5Blast%20touch%5D%22%3A%20%220331%20theskimm%22%7D%2C%22__mpso%22%3A%20%7B%22utm_source%20%5Bfirst%20touch%5D%22%3A%20%22partnership%22%2C%22utm_medium%20%5Bfirst%20touch%5D%22%3A%20%22newsletter%20takeover%22%2C%22utm_campaign%20%5Bfirst%20touch%5D%22%3A%20%220331%20theskimm%22%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%2C%22utm_source%20%5Blast%20touch%5D%22%3A%20%22partnership%22%2C%22utm_medium%20%5Blast%20touch%5D%22%3A%20%22newsletter%20takeover%22%2C%22utm_campaign%20%5Blast%20touch%5D%22%3A%20%220331%20theskimm%22%2C%22utm_source%22%3A%20%22partnership%22%2C%22utm_medium%22%3A%20%22newsletter-takeover%22%2C%22utm_campaign%22%3A%20%220331-theskimm%22%7D
.herocosmetics.us/	1970-01-20 01:59:33	Name: _gid Value: GA1.2.1669888098.1648687089
.herocosmetics.us/	1970-01-20 01:58:07	Name: _gat_UA-102753205-1 Value: 1
.herocosmetics.us/	1970-01-20 04:07:43	Name: _fbp Value: fb.1.1648687089207.261350689
.yotpo.com/	1970-01-20 10:43:43	Name: pixel Value: a48ecbe8-47c0-4d37-7066-31f49b883bf3
.herocosmetics.us/	1970-01-20 11:27:53	Name: _scid Value: d719ef29-3691-4b5f-a23e-85f005720a1d
.herocosmetics.us/	1970-01-20 19:29:19	Name: _ga_D939QWJC76 Value: GS1.1.1648687089.1.0.1648687089.0
.herocosmetics.us/	1970-01-20 19:29:19	Name: _ga Value: GA1.1.1818124570.1648687089
.snapchat.com/	1970-01-20 11:19:43	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBgQ0AMAQEwIkktF51HKGmMHzvJA1caKojIA0D3RWPPJZmVu4WzIipmx/2O/wBAl3wGzIAAAA=
.twitter.com/	1970-01-20 19:29:19	Name: personalization_id Value: "v1_pmwD9q5LdpwEkoPa5QrLGg=="
.herocosmetics.us/	1970-01-20 10:43:43	Name: _hjSessionUser_1133465 Value: eyJpZCI6IjM2NjIzYzYyLTc1MTYtNWUxNi1iNDE3LTJiYzMwZjBlOWE3MiIsImNyZWF0ZWQiOjE2NDg2ODcwODkzNDEsImV4aXN0aW5nIjpmYWxzZX0=
.herocosmetics.us/	1970-01-20 01:58:08	Name: _hjFirstSeen Value: 1
www.herocosmetics.us/	1970-01-20 01:58:07	Name: _hjIncludedInSessionSample Value: 0
.herocosmetics.us/	1970-01-20 01:58:08	Name: _hjSession_1133465 Value: eyJpZCI6ImQwMWE2ZjYxLWUwOWItNDk1MC1hMzVmLTY4Yjg5NDVhZDNiNyIsImNyZWF0ZWQiOjE2NDg2ODcwODk0MTUsImluU2FtcGxlIjpmYWxzZX0=
.herocosmetics.us/	1970-01-20 01:58:08	Name: _hjAbsoluteSessionInProgress Value: 0
mpsnare.iesnare.com/	1970-01-20 10:43:43	Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef Value: j1f9wmTfZuh60MSIAvZBsvBzE0ZCYCXMQX8HHSe0LnU=
.c.bing.com/	1970-01-20 11:19:43	Name: SRM_B Value: 13BDA66E9C8369CB3B22B7169D516890
.t.co/	1970-01-20 19:29:19	Name: muc_ads Value: 46fdcded-24a2-406c-9a18-c08b840a58d5
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:19:43	Name: MUID Value: 13BDA66E9C8369CB3B22B7169D516890
.c.clarity.ms/	1970-01-20 01:58:07	Name: ANONCHK Value: 0
.herocosmetics.us/	1970-01-20 01:59:33	Name: _uetsid Value: d679a870b08a11ecb79f015cefdbd046
.herocosmetics.us/	1970-01-20 11:19:43	Name: _uetvid Value: d679d930b08a11ec8bd803791d78f91b
widget-mediator.zopim.com/	1970-01-20 02:08:11	Name: AWSALBCORS Value: f+C1no6AaRoeW4hPG1eXduq0oBCuSqHb/SyoY+4BY+WdmetDEMQI8GKYPEdAX9d6Bv6qEpC+AFN0mZlXsRQfwNdS2ptOferVSiPUkeLcdRO5XZNpXOkBRYeevVBs
.amazon-adsystem.com/	1970-01-20 06:23:04	Name: ad-id Value: A22jFBqwA0ErpIZNGnL5iIg
.amazon-adsystem.com/	1970-01-21 21:48:59	Name: ad-privacy Value: 0
.herocosmetics.us/	1970-01-20 10:43:43	Name: _clck Value: bo5id8\|1\|f08\|0
.herocosmetics.us/	1970-01-20 10:43:43	Name: __zlcmid Value: 19GkobZl6vmDRvY
.advertising.com/	1970-01-20 10:45:09	Name: APID Value: UPd6f1f843-b08a-11ec-a38f-0214991a90ae
.casalemedia.com/	1970-01-20 10:43:43	Name: CMID Value: YkT38cExnBSrHk2zgrn14AAA
.casalemedia.com/	1970-01-20 04:07:43	Name: CMPS Value: 3268
.agkn.com/	1970-01-20 10:43:43	Name: ab Value: 0001%3AmfXYBJkgwKtkDTqf96DlFsaIfTzzHdsg
.yahoo.com/	1970-01-20 10:44:04	Name: A3 Value: d=AQABBPL3RGICED3iYji-FBdZQOB2WzPhS8QFEgEBAQFJRmJOYgAAAAAA_eMAAA&S=AQAAAs0W6xCkQ4cir4J-GFH6fkw
.casalemedia.com/	1970-01-20 04:07:43	Name: CMPRO Value: 1187
.casalemedia.com/	1970-01-20 01:59:33	Name: CMST Value: YkT38mJE9-IA
.casalemedia.com/	1970-01-20 10:43:43	Name: CMRUM3 Value: c66244f7f22760W_vEmG1GTcymV2cEPsmFrw
.analytics.yahoo.com/	1970-01-20 10:43:43	Name: IDSYNC Value: 195g~2420
.herocosmetics.us/	1970-01-20 01:59:33	Name: _clsk Value: 1v5toa1\|1648687090061\|1\|1\|k.clarity.ms/collect
.zeotap.com/	1970-01-20 10:43:43	Name: zc Value: f6e0b0a4-c290-435f-5150-6b11cf384239
.bidswitch.net/	1970-01-20 10:43:43	Name: tuuid Value: b412e4c8-2cbc-4d73-a8ba-084bd860f85b
.bidswitch.net/	1970-01-20 10:43:43	Name: c Value: 1648687090
.bidswitch.net/	1970-01-20 10:43:43	Name: tuuid_lu Value: 1648687090
ads.stickyadstv.com/	1970-01-20 02:41:19	Name: UID Value: de71ba2d8d47be46df738663464fd62b
ads.stickyadstv.com/	1970-01-20 02:18:16	Name: uid-bp-30833 Value: 1
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 6fa181cf105dc5542e1f694eb6f585b2
.krxd.net/	1970-01-20 06:17:19	Name: _kuid_ Value: Ov9sW-lV
.mookie1.com/	1970-01-20 11:26:55	Name: id Value: 10812368650802890455
.mookie1.com/	1970-01-20 11:26:55	Name: mdata Value: 1\|10812368650802890455\|1648687090422
.mookie1.com/	1970-01-20 11:26:55	Name: ov Value: 4fb5246fdc541c3bdcd6d4311306d0b7
.demdex.net/	1970-01-20 06:17:19	Name: demdex Value: 52064747112953455062459007380188991176
.adform.net/	1970-01-20 02:41:19	Name: C Value: 1
.adform.net/	1970-01-20 03:24:31	Name: uid Value: 436864407133840478
.dpm.demdex.net/	1970-01-20 06:17:19	Name: dpm Value: 52064747112953455062459007380188991176
bs.serving-sys.com/	1969-12-31 23:59:59	Name: r1 Value: 1648687090_1
.serving-sys.com/	1970-01-20 04:07:43	Name: u2 Value: ca381b52-ff8c-475b-a7fe-9b5965da653d4Ga060
.scorecardresearch.com/	1970-01-20 19:14:55	Name: UID Value: 1C2c1f984e44abea2f65e5a1648687090
.spotxchange.com/	1970-01-20 10:43:47	Name: audience Value: d74d5298-b08a-11ec-8440-1974e5cf0106
.doubleclick.net/	1970-01-20 11:19:43	Name: IDE Value: AHWqTUkwJnwAdCqvAozUBdljFpnNOXGNxIg-ynA0II-Bn0f4_cRYj-SuJfSMSpmUSDw
.myvisualiq.net/	1970-01-20 19:29:19	Name: tuuid Value: a505c512-63f1-4c24-a1e5-e627c5d5c8cf
.myvisualiq.net/	1970-01-20 19:29:19	Name: c Value: 1648687090
.myvisualiq.net/	1970-01-20 19:29:19	Name: tuuid_lu Value: 1648687090
ads.samba.tv/	1970-01-20 11:28:21	Name: sambapxid Value: f2493c1f049c6002
.adnxs.com/	1970-01-20 04:07:43	Name: uuid2 Value: 5797196673162993913
.semasio.net/	1970-01-20 10:43:43	Name: SEUNCY Value: 466D2E0FEBC279C6
.ispot.tv/	1970-01-20 19:29:19	Name: pt Value: v2:eda0a5f4d707bd082ed0503baa29eb8ccb26f54fb728496b7064187730b5ef8c\|c6cbfa660e7a14ba9d001161b193eea5f9557a7f05a9955dfb933ee4a3408ed7
.pubmatic.com/	1970-01-20 04:07:43	Name: KRTBCOOKIE_290 Value: 23261-_fpD-nKIQFCfO5PUZSTdhw
.pubmatic.com/	1970-01-20 02:41:19	Name: PugT Value: 1648665932
.pubmatic.com/	1970-01-20 04:07:43	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-20 01:59:33	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 04:07:43	Name: KADUSERCOOKIE Value: 43C48F2B-B73E-45DC-8C6D-7F17FA80C4FA
.ninthdecimal.com/	1970-01-20 06:17:19	Name: ndat Value: LU+0v2JE9/ODpQcVD+8XAg==

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.shopify.com/s/files/1/2181/4481/t/34/assets/FuturaPT-Heavy.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	warning	URL: https://www.herocosmetics.us/pages/theskimm?utm_source=partnership&utm_medium=newsletter-takeover&utm_campaign=0331-theskimm Message: The resource https://cdn.shopify.com/s/files/1/2181/4481/t/34/assets/FuturaPT-Heavy.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
Strict-Transport-Security	max-age=7889238
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ads.samba.tv
ads.stickyadstv.com
alb.reddit.com
amazon.partners.tremorhub.com
analytics.tiktok.com
analytics.twitter.com
api-js.mixpanel.com
app.backinstock.org
app.swellrewards.com
bat.bing.com
beacon.krxd.net
bingshoppingtool-t2app-prod.trafficmanager.net
bs.serving-sys.com
c.bing.com
c.clarity.ms
c1.adform.net
cdn-loyalty.yotpo.com
cdn-swell-assets.yotpo.com
cdn.attn.tv
cdn.shopify.com
cdn4.mxpnl.com
cdnjs.cloudflare.com
cld.accentuate.io
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
ct.pinterest.com
d275fvz7g8rvo.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
ekr.zdassets.com
fonts.googleapis.com
geoip-db.com
googleads.g.doubleclick.net
herocosmetics.zendesk.com
ib.adnxs.com
image2.pubmatic.com
image6.pubmatic.com
k.clarity.ms
lciapi.ninthdecimal.com
link.theskimm.com
live.bb.eight-cdn.com
lm.serving-sys.com
loadus.exelator.com
maxcdn.bootstrapcdn.com
monorail-edge.shopifysvc.com
mpsnare.iesnare.com
mwzeom.zeotap.com
odr.mookie1.com
p.yotpo.com
pi.ispot.tv
pixel.advertising.com
pixel.rubiconproject.com
px.surveywall-api.survata.com
s.amazon-adsystem.com
s.pinimg.com
sb.scorecardresearch.com
sc-static.net
script.hotjar.com
shop.app
shopify-gtm-suite.getelevar.com
skimmth.is
ssapi.herocosmetics.us
ssum-sec.casalemedia.com
static-tracking.klaviyo.com
static.ads-twitter.com
static.hotjar.com
static.klaviyo.com
static.myshlf.us
static.zdassets.com
staticw2.yotpo.com
stats.g.doubleclick.net
sync.search.spotxchange.com
sync.taboola.com
t.co
t.myvisualiq.net
tags.bluekai.com
token.rubiconproject.com
tr.snapchat.com
uipglob.semasio.net
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
usersync.samplicio.us
vars.hotjar.com
www.dwin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.herocosmetics.us
www.imdb.com
www.redditstatic.com
x.bidswitch.net
geoip-db.com
px.surveywall-api.survata.com
104.16.255.71
104.16.53.111
104.18.70.113
104.18.72.113
104.244.42.195
104.244.42.69
108.157.4.15
108.157.5.251
141.226.228.48
142.250.185.130
142.250.186.98
143.204.95.155
143.204.98.102
143.204.98.104
143.204.98.64
143.204.98.76
151.101.128.84
151.101.2.132
151.101.2.133
18.158.155.73
18.158.201.231
18.215.127.208
18.232.212.195
185.33.221.53
185.64.189.110
185.64.190.78
185.94.180.125
192.229.233.223
199.232.136.157
2.18.234.233
2.21.141.232
20.96.88.162
2001:4860:4802:34::15
209.54.180.144
212.82.100.182
23.227.38.33
23.227.38.74
23.36.163.232
2600:1f18:612b:4200:fed4:35ed:3821:843c
2600:9000:2156:1000:1:d5ae:c900:21
2600:9000:2156:5800:f:8ce2:fb80:93a1
2600:9000:2315:1400:1c:9484:cec0:93a1
2606:4700:10::ac43:db6
2606:4700:20::681a:54f
2606:4700:20::681a:c9e
2606:4700:3030::6815:3d8b
2606:4700::6810:125e
2606:4700::6810:7eaf
2606:4700::6812:bcf
2620:1ec:c11::200
2a00:1450:4001:803::2004
2a00:1450:4001:808::2008
2a00:1450:4001:810::2003
2a00:1450:4001:811::200e
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2002
2a00:1450:400c:c00::9d
2a02:26f0:3500:889::1d72
2a02:26f0:3500:893::1931
2a02:26f0:fb:5a0::1d72
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a04:4e42:400::268
2a04:4e42::396
3.121.35.193
3.121.45.11
3.126.56.137
3.226.166.212
3.68.182.119
3.93.204.138
34.120.58.162
34.235.216.103
34.254.143.3
34.98.64.218
34.98.67.61
35.186.226.184
35.186.235.23
35.186.241.51
37.157.2.239
40.85.149.70
45.79.180.191
52.142.114.2
52.28.129.116
52.52.42.174
54.154.124.119
54.195.39.4
67.199.248.12
69.173.144.138
69.173.144.165
69.192.160.219
77.243.60.138
79.125.14.53
0132fa782db515ae10b5709fba1b755851d22ec063d3f21fe62226b04b2021e2
018e1aaa233851f38c3a43b05b8026f2ea7d40710360e12268bb4d5ef886e797
025bb60376c5c91d7880bbb48f3903ab908c3b474faa79a2d1728729cd1ec751
0b653c2d9bfa024b3e71c8b41166b3eac093feb4941d94f05dca7a4ca4067265
0bbb9ba9a8993f8c10104ab2239ca496b4d2c18a1eaf9be6f6cabe4bcc3dde6b
0d542c4608bda1884da8d94f0c1afa40fe41f1933f94fd81900cf27fd2ef9b19
0f73c31dfba7cd6d783614a5796eb208194f19166df5212467d48b6685e692bd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
218d1d3dc7c9a5f392d9a4300ad39d5528f90f94519c5b4c88db24acb5c6be16
220e831d6da4f719109fb1056b6a2503ff1caa1a3a2d75f108fc2a6a039130e8
2b40e69b4b5c337e07359025eb264e9125b5228ed972eb8f0f95785a520af271
2bba4f6297c4d6cfeb1a9e8f2511fc1c24f93863728b216bfb213faf0fd7f669
324f038c7f905eacb4d5159beedcd3a107da4405d0d39f6b40302ec249843ed7
32e7c529d0419ae439900660187336c2c5f94606f99a278cd9cd215d911b6c42
3366ffadff1ba39ef2c74f08f47342e2a781f0952c8cf1aeb9e731dfe3bbed9f
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3cf0508247bad5a2f3d49f841b4067d5951a8afa42b19cfb437a48db181b2e90
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
3fa4fd1e31aabb8a3ff5f8bbaae61c86fcb33566abfc08a3b9ff473eaff624d2
4112e24c0f08e63e179a1623a1e09e4d81b0a47977cf8d34563f4f91ab351b2a
41439e467e1e4801a901c59ca520952557ce71c61dddb071b4b5814a1b7da981
43b0a448dfabca1c64deab31c9b3b004d41bac8fafc0796a4f5675cea0dda5a8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4934ac0d18e092eeb7ca6d7acbabfde67a4c3326ea02fa126bef32e9011fe7dd
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
4c718e6c04604e704e210624d400222cd989eb140a8b7ff479ced4f7c116e96e
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6a565ae41929e4f292ac16a6dd242138e28fb4529e80b2acd0031b6b0bee2e
50bb211c6c8a9f2f74ffa220dfcb6365fdda28ca6544da1671e3e1657d50b27f
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
570c18a72f8c237ee28c78cc10ac99cece43c0b4a95aa2afd497dd70716dc5fc
620c089d4f76b3e0bec673e32271f3225e2d6280756bcfe4f2c61f1e70fa9e9e
6903d61b1cc414c444950c4aab5ceb178c35269902df7acf00057c3317098083
6940b24ef4f1e0836aab174afc3990d6bd16dbf0e9afe4000b0fbb24bb9e89d5
6a3dbb230b9c333a39405f7dc4115a91bb3dcae67f68c76ac5c81451dc2f4ac2
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e764ad12820c8fa355ebec189868b22da2c8a15105fa5b6b75dc3eab0e9dbe0
6ff07560fd983077987b470f119b1d358bae669e5a03b70b34d766270ca12c12
70f1512ffd71cd41d86b4d9518594c674f5e9e4e9296e52f63d605ca9ea43f94
7594b5b004d92a957618cf442dab030acf7c392de49cbac3e969f06c0498a376
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79b4c0a50f2546ddfd5d75770c57ed8531d132545c7f2923dd05748ad905e678
7b3a311e463360814d373ee4ebd1f7ed7f2168953f50b409c5f0115d9bfe89e5
82a3ebb0e6b05eeb178b05ed29d9c63aa3b76bd55c458d20b55367366fa85a48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d
846897c71efff681d519f2e91e2817c3d92c0f0dcf761f0ac593c5190dcf991c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
87462430ad4d1e090f68f281736a99eb7266a384ba67d1bb701910bd21c3230a
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
89c995b5aa2ebb453c8b3380fa90ad6e04864d70b52a02ac63ebb33cfad744b5
8a2a23f01aafbc0e214b874b8541188c61740706d8e7e899bbff062a42f2a5bf
8cd25e4edec606ee114faedf90b719e5e3ffc4ae9762e840a68c04d7fc2c597b
8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392
8f1d6d4cc75e4aa9496b424cd30b080acfdc983a42910afcd0069560cf2b11d4
9102e7d07194ef0d231630e5acb69d75f2e44f6c48610aa0f8330fbb6fa2794b
9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
98753a47a585b364d46318037a18c5525261dd84fd2075c78ccd06650d660e7a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f
9ccf448aca55910027e94feceed323a2713467f0b231a9fcccce6bfd6cb5e64b
9ebbd916b6c322597da4b1ac0ef4bbbf04d00339cfc619424a99f929b69e608e
9ee489ab6a989f0bc872d5c65653f1137642872db9fc7f6add0db7cc8a2a9ac4
a04d373be23a3f37dfe1f88cab01061db75f716edadc6451c652fe538f4be6c0
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2aef314df12ae580d00c62eefebf69a2b75933357aa9acfd3a47d2d20660573
a2ec1281c1520917d1aa93957e348114e90c19eede19818fe26f562f63be5f82
a3ad7b5c1b5bc181b20b6bf15a40180d0d3a6697ee3bcab9867010841bf07048
a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce
ac828532f050274f27d56c1fc076fc7e9d81d3dc58eb5381d9a4f800a207a919
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aff3f5c59ca98127f2816e2c0a9480245947eef51a28e730335fd22df0afc207
b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0
b352dfc31629c483aaa45c0d13786096eb0991c8955fd268e33cbe32f13e01c2
b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8
b79adf570b66bcd072b6f3ea35e760f7433030c083c686a08b6ba740f532098a
b97c2397c3894fce3131e91fda5edd6418baecb754c45febae4742e1cee16bd4
bbf547a9a6e2068786c2f7956af7c4195c9de8ae85058d951a6e260054ece568
be76c042dc8a900e73128ccbea6752f5a9ce88ed1eb37283f37f8eafb35af411
c0da07fffccf7c2c9ec36027686abc3e702576fa091eabf0b234350432e559f1
c14c7d89d2f50cfddff9e5ab56ce377d0ca5ff385e2a6a22809235253f6e6dc5
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c338a9a0c715aed85cfaab33d62a85b181504af3c74403d7847c24ae9a1662da
c4903cceaa5a514cfd8175be52f5fb06be0fd7b4a6166c33b905e168313da339
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
ccaa9fc98ba7153973c89263d4ab6ff949c201a412e7410c7367ddfdb8d0a841
ced444f42b5fd805b5d0bd1406846dd2e7bcef42003b9833fcb2173d55d3af8e
d04c01926dc18bb1aa1b0b07f12bb45c930a8c868f0b65e4c9961eaafa614c21
d0da9204fd47a966df2196099d0359d4b1916309766505f7586418370746dab4
d3ed6cb466bd654fe36c57faacb1c88ad4e2793087431d6ffc5366961a4c978f
d402b35e6e0d996cc57dfb1f40a87b672f1eb4dfe0744da6d9c40b0d26592815
d425602f94353d2493ea3f52843f4237e815066453f88aa6e286bb203ed9aef1
d85fdb38867dbfd85d49d3711045f03ba72cccfc3217003f911b34d18a05d580
d903a35a90276fed8d286f4de9f6ab44db076826cdb14a82d2e418aeb79b92ac
da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997
dbe74252035fd1cda8b03e76098b49b0530e2e9470b004549f628b1e840e6694
dc131657068707ac57506e3053ea092a346e7364ec91bc922b4f78921e73a9e4
dc832faf8ca21fb791b9abb9a3ba334ef3e31914317791dd53510b8a24d0621d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e1cd9f10abeb29476add99b612340de919f0263c2454779535e69583ca187ff1
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b40a141481590cce13aa3aee49b7ba7fad812893b4b0f6751b5706caab4523
e7633b44b806a6e19c0d10dfbabf13a1b7e99096d38a45b47b0852d094d11603
e8f71b033520445068a6ac2b3f303ff0b6423493a5ffca2d10f7163c90b29e11
e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f
e9c31a063adbb7e4a65fa70898d44d33c4b1846b31e5064f88dd4ff8536b1248
eb23842e002864729d3e39cf25f636f55d6fce297c0154dd6b54d1f5b815d671
ecff0934fecdd9ab3571faea9dfdcffaa50abff93982a0c2c3e4e56394d6ebf0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09f22f229518f3a08e539003775277e2211b29074780550f0b86ca365cdf4f3
f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e
f2f087eac841d5433c3c3fa9ea481b474ff8370b9d9eec1ace18f0300a76ffd8
fa3bcc93d1be83ac7d82cd6182d25741cdef5d016e40436266df12a50abbebc3
fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e

www.herocosmetics.us Open in urlscan Pro 23.227.38.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

189 Requests

82 %HTTPS

29 %IPv6

80 Domains

98 Subdomains

62 IPs

9 Countries

2708 kBTransfer

8269 kBSize

101 Cookies

9 Outgoing links

Page URL History

Redirected requests

189 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.herocosmetics.us Open in urlscan Pro
23.227.38.74 Public Scan

Screenshot
Live screenshot

Full Image

189
Requests

82 %
HTTPS

29 %
IPv6

80
Domains

98
Subdomains

62
IPs

9
Countries

2708 kB
Transfer

8269 kB
Size

101
Cookies

189 HTTP transactions
0 data transactions