login.shelf-eu.com Open in urlscan Pro
13.32.121.125  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	403	Primary Request ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA Show response login.shelf-eu.com/enroll-user/	2 KB 3 KB	129ms 90ms	Document text/html	13.32.121.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 186ced4d05394161ba2b2e91770f10cc50207f73a7146933c60414eea0a30102 Security Headers Name Value Content-Security-Policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: Strict-Transport-Security max-age=63113904; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache content-encoding gzip content-security-policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: content-type text/html date Wed, 06 Jul 2022 21:39:32 GMT etag W/"940fb461ebaee37291122491cb3fb6e3" last-modified Mon, 16 May 2022 08:51:48 GMT server AmazonS3 strict-transport-security max-age=63113904; includeSubDomains; preload vary Accept-Encoding via 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront) x-amz-cf-id 9qqIphXQs64LomVWMwtcDvUoxcraz0tmwENEQNuOSgnpsKB-te-IQg== x-amz-cf-pop FRA60-P1 x-amz-error-code AccessDenied x-amz-error-message Access Denied x-cache Error from cloudfront x-content-type-options nosniff x-xss-protection 1
GET H2	200	main.23edfa7c.chunk.css login.shelf-eu.com/static/css/	11 KB 4 KB	58ms 57ms	Stylesheet text/css	13.32.121.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.shelf-eu.com/static/css/main.23edfa7c.chunk.css Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 5f2f363eaec747b7320bdea705874cbc4760a3a57def321fa5cd9bab6a9da744 Security Headers Name Value Content-Security-Policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: Strict-Transport-Security max-age=63113904; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 21:39:33 GMT content-encoding gzip x-content-type-options nosniff x-amz-cf-pop FRA60-P1 x-cache Miss from cloudfront vary Accept-Encoding x-xss-protection 1 last-modified Mon, 16 May 2022 08:51:48 GMT server AmazonS3 etag W/"60530a825570e04fbc141b97734056e1" strict-transport-security max-age=63113904; includeSubDomains; preload content-type text/css via 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront) cache-control no-cache content-security-policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: x-amz-cf-id TfyJcpqzGqjfaxOhx-l3WAwQT9h3DQuuTW-U359HntT-i_QyLqr7Mw==
GET H2	200	polyfill.min.js Show response cdn.polyfill.io/v2/	222 B 450 B	46ms 23ms	Script text/javascript	2a04:4e42::282 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.polyfill.io/v2/polyfill.min.js?features=default Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::282 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 21:39:32 GMT content-encoding br last-modified Wed, 22 Jun 2022 00:05:24 GMT age 0 vary User-Agent, Accept-Encoding access-control-allow-methods GET,HEAD,OPTIONS content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800 useragent_normaliser chrome/103.0.0 server-timing cache-fra19129, PASS, fastly;desc="Edge time";dur=17 accept-ranges bytes content-length 126
GET H2	200	2.9e0ce04a.chunk.js Show response login.shelf-eu.com/static/js/	2 MB 511 KB	55ms 54ms	Script application/javascript	13.32.121.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.shelf-eu.com/static/js/2.9e0ce04a.chunk.js Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash c620e1808b3dfe46c365c36681312c94fb1d2b9f4589b92cdac888a071d03d02 Security Headers Name Value Content-Security-Policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: Strict-Transport-Security max-age=63113904; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 21:39:33 GMT content-encoding gzip x-content-type-options nosniff x-amz-cf-pop FRA60-P1 x-cache Miss from cloudfront x-amz-storage-class INTELLIGENT_TIERING vary Accept-Encoding x-xss-protection 1 last-modified Mon, 16 May 2022 08:51:48 GMT server AmazonS3 etag W/"2c71a044957938e1b47667ac6de16f2e" strict-transport-security max-age=63113904; includeSubDomains; preload content-type application/javascript via 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront) cache-control no-cache content-security-policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: x-amz-cf-id fwpMQPDO9Bhy4VKKC6u3BXzSDp-gQeDbYk_kg2PmrGFpSI101kIvwA==
GET H2	200	main.c68bbc94.chunk.js Show response login.shelf-eu.com/static/js/	69 KB 19 KB	66ms 66ms	Script application/javascript	13.32.121.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.shelf-eu.com/static/js/main.c68bbc94.chunk.js Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-125.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash d0592c4f045163f518e6c87e16e1065108dbf76b136f283aa4d1a387377b4d22 Security Headers Name Value Content-Security-Policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: Strict-Transport-Security max-age=63113904; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 21:39:33 GMT content-encoding gzip x-content-type-options nosniff x-amz-cf-pop FRA60-P1 x-cache Miss from cloudfront vary Accept-Encoding x-xss-protection 1 last-modified Mon, 16 May 2022 08:51:48 GMT server AmazonS3 etag W/"b0e13f83e117dac03b24bc589e63b4e9" strict-transport-security max-age=63113904; includeSubDomains; preload content-type application/javascript via 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront) cache-control no-cache content-security-policy default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob: x-amz-cf-id eZLRWXz1uB9i-MrctawHld7DCDHP9ioEJDkeJA9Fzy8WEVs4AQrfUA==
GET H2	200	css fonts.googleapis.com/	8 KB 1 KB	38ms 16ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600&subset=latin-ext Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/static/css/main.23edfa7c.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 067218429e5e1b8974c50b5e03c61a4118983f50d451134773472fafb401d73c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 06 Jul 2022 20:54:02 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 06 Jul 2022 21:39:33 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 06 Jul 2022 21:39:33 GMT
OPTIONS H2	200	/ api.shelf-eu.com/auth/login-options/	0 0	56ms 21ms	Preflight application/json	3.120.17.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.shelf-eu.com/auth/login-options/?subdomain=herbalife Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.120.17.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-120-17-90.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://login.shelf-eu.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent access-control-allow-methods OPTIONS,GET access-control-allow-origin * content-length 0 content-type application/json date Wed, 06 Jul 2022 21:39:33 GMT x-amz-apigw-id U3UbWEAmliAFnVw= x-amzn-requestid a2868469-2a11-4a47-a230-eeb692068955 x-amzn-trace-id Root=1-62c60115-49f9492d4135d6c140aec7c9
GET H2	200	css fonts.googleapis.com/	8 KB 784 B	17ms 17ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600 Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 067218429e5e1b8974c50b5e03c61a4118983f50d451134773472fafb401d73c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://login.shelf-eu.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 06 Jul 2022 19:48:27 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 06 Jul 2022 21:39:33 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 06 Jul 2022 21:39:33 GMT
GET H2	200	/ Show response api.shelf-eu.com/auth/login-options/	56 B 286 B	83ms 83ms	XHR application/json	3.120.17.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.shelf-eu.com/auth/login-options/?subdomain=herbalife Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/static/js/2.9e0ce04a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.120.17.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-120-17-90.eu-central-1.compute.amazonaws.com Software / Resource Hash 41d0ef84101c1b80341960538abd56e3edeb5b9bd32b69be5858e7fcb658e45b Request headers accept application/json Referer https://login.shelf-eu.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 content-type application/json Response headers date Wed, 06 Jul 2022 21:39:33 GMT content-encoding gzip x-amzn-requestid 3c51d106-c450-403f-8a36-27d7ca473703 content-type application/json access-control-allow-origin * x-amzn-trace-id Root=1-62c60115-3f9fcc010eea847168090241 x-amz-apigw-id U3UbXHAfFiAFe0A= content-length 67
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v29/	44 KB 44 KB	30ms 8ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600&subset=latin-ext Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://login.shelf-eu.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 12:16:38 GMT x-content-type-options nosniff age 206575 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44800 x-xss-protection 0 last-modified Wed, 11 May 2022 19:25:14 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Jul 2023 12:16:38 GMT
POST H2	200	/ Show response api.shelf-eu.com/users/v1/enroll/validate/	14 B 253 B	180ms 180ms	XHR application/json	3.120.17.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.shelf-eu.com/users/v1/enroll/validate/ Requested by Host: login.shelf-eu.com URL: https://login.shelf-eu.com/static/js/2.9e0ce04a.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.120.17.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-120-17-90.eu-central-1.compute.amazonaws.com Software / Resource Hash 8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0 Request headers accept application/json Referer https://login.shelf-eu.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 content-type application/json Response headers date Wed, 06 Jul 2022 21:39:33 GMT content-encoding gzip x-amzn-requestid f72ddea1-408f-45a7-9b97-07bed307d297 content-type application/json access-control-allow-origin * x-amzn-trace-id Root=1-62c60115-2aa10260147160f4686fc3dd x-amz-apigw-id U3UbXHQ7liAFl5w= content-length 34
OPTIONS H2	200	/ api.shelf-eu.com/users/v1/enroll/validate/	0 0	49ms 28ms	Preflight application/json	3.120.17.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.shelf-eu.com/users/v1/enroll/validate/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.120.17.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-120-17-90.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://login.shelf-eu.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent access-control-allow-methods OPTIONS,POST access-control-allow-origin * content-length 0 content-type application/json date Wed, 06 Jul 2022 21:39:33 GMT x-amz-apigw-id U3UbWEvbFiAFs2w= x-amzn-requestid 52bc2c4f-f9ab-4de4-98e3-9c10060f81d8 x-amzn-trace-id Root=1-62c60115-15c44e6e1e0a8fc84a9b4c7e

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackJsonpundefined function| setImmediate function| clearImmediate object| regeneratorRuntime function| _ object| DD_LOGS object| DD_RUM function| sweetAlert object| toastr

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.shelf-eu.com/	1970-01-20 04:19:04	Name: _dd_s Value: logs=1&id=482a0bb7-142a-4b83-91aa-fce4b80ac963&created=1657143573247&expire=1657144473250&rum=1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.shelf-eu.com/enroll-user/ODc5OWYyNmE2N2M1YjdmOTRjOGQ3ZTQ2ZTk1NjAzYjU2NjQ4MzczODhhNzcwYmFlZDAxNDdiMjNiYWQ4NDJhMA?subdomain=herbalife Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com *.kustomerapp.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com; connect-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com * 'self'; img-src data: https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; font-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; frame-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com 'self' http://* https://*; worker-src https://*.shelf-eu.com https://*.shelf-ssp-eu.com blob:
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.shelf-eu.com
cdn.polyfill.io
fonts.googleapis.com
fonts.gstatic.com
login.shelf-eu.com
13.32.121.125
2a00:1450:4001:80b::2003
2a00:1450:4001:828::200a
2a04:4e42::282
3.120.17.90
067218429e5e1b8974c50b5e03c61a4118983f50d451134773472fafb401d73c
186ced4d05394161ba2b2e91770f10cc50207f73a7146933c60414eea0a30102
41d0ef84101c1b80341960538abd56e3edeb5b9bd32b69be5858e7fcb658e45b
5f2f363eaec747b7320bdea705874cbc4760a3a57def321fa5cd9bab6a9da744
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
c620e1808b3dfe46c365c36681312c94fb1d2b9f4589b92cdac888a071d03d02
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
d0592c4f045163f518e6c87e16e1065108dbf76b136f283aa4d1a387377b4d22