Submitted URL: http://lululemon-track.creativedrive.com/
Effective URL: https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Submission Tags: @phish_report
Submission: On May 21 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 20.80.10.136, located in Chicago, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is my.creativedrive.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 26th 2024. Valid for: a year.
This is the only time my.creativedrive.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
16 20.80.10.136 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.216.60.41 16509 (AMAZON-02)
19 4
Domain Requested by
9 lululemon-track.creativedrive.com lululemon-track.creativedrive.com
6 my.creativedrive.com lululemon-track.creativedrive.com
my.creativedrive.com
1 account-02-production.s3.amazonaws.com
1 my-api.creativedrive.com my.creativedrive.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com my.creativedrive.com
19 6

This site contains no links.

Subject Issuer Validity Valid
lululemon-track.creativedrive.com
DigiCert TLS RSA SHA256 2020 CA1
2023-06-16 -
2024-06-18
a year crt.sh
*.creativedrive.com
DigiCert TLS RSA SHA256 2020 CA1
2024-03-26 -
2025-03-25
a year crt.sh
upload.video.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.gstatic.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01
2023-10-10 -
2024-07-03
9 months crt.sh

This page contains 1 frames:

Primary Page: https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Frame ID: 400FBCBC8F759C5C53D295CB664967EB
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Creativedrive - Login

Page URL History Show full URLs

  1. http://lululemon-track.creativedrive.com/ HTTP 307
    https://lululemon-track.creativedrive.com/ Page URL
  2. https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

19
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

4
IPs

2
Countries

1738 kB
Transfer

7360 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://lululemon-track.creativedrive.com/ HTTP 307
    https://lululemon-track.creativedrive.com/ Page URL
  2. https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://lululemon-track.creativedrive.com/ HTTP 307
  • https://lululemon-track.creativedrive.com/

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
lululemon-track.creativedrive.com/
Redirect Chain
  • http://lululemon-track.creativedrive.com/
  • https://lululemon-track.creativedrive.com/
1 KB
3 KB
Document
General
Full URL
https://lululemon-track.creativedrive.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
2238696ce673f7c59595390b260d553a18ef66e9eb03073edd8834d8dbb55165
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store
Connection
keep-alive
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Content-Type
text/html; charset=utf-8
Date
Tue, 21 May 2024 04:45:28 GMT
ETag
W/"8796b79c109198f33851b7d6f057e3f0"
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Request-Id
fc9ca090-33e4-4584-bd9a-eadca09adbd4
X-Runtime
0.007746
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://lululemon-track.creativedrive.com/
Non-Authoritative-Reason
HttpsUpgrades
font-awesome.min.css
lululemon-track.creativedrive.com/font-awesome-4.7.0/css/
30 KB
31 KB
Stylesheet
General
Full URL
https://lululemon-track.creativedrive.com/font-awesome-4.7.0/css/font-awesome.min.css
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lululemon-track.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:28 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Last-Modified
Thu, 08 Feb 2024 20:37:49 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store
Connection
keep-alive
Content-Length
31000
X-XSS-Protection
1; mode=block
feed-83e1a5e00166ed015bf30c5e8e1b731a185dd3ed70d7fd0e1d3de82475c61e9e.css
lululemon-track.creativedrive.com/assets/
530 KB
59 KB
Stylesheet
General
Full URL
https://lululemon-track.creativedrive.com/assets/feed-83e1a5e00166ed015bf30c5e8e1b731a185dd3ed70d7fd0e1d3de82475c61e9e.css
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
83e1a5e00166ed015bf30c5e8e1b731a185dd3ed70d7fd0e1d3de82475c61e9e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lululemon-track.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Thu, 08 Feb 2024 20:42:03 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store
Connection
keep-alive
Content-Length
58651
X-XSS-Protection
1; mode=block
feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
lululemon-track.creativedrive.com/assets/
4 MB
804 KB
Script
General
Full URL
https://lululemon-track.creativedrive.com/assets/feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lululemon-track.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Thu, 08 Feb 2024 20:42:40 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-store
Connection
keep-alive
Content-Length
821574
X-XSS-Protection
1; mode=block
fontawesome-webfont.woff2
lululemon-track.creativedrive.com/assets/font-awesome/
63 KB
64 KB
Font
General
Full URL
https://lululemon-track.creativedrive.com/assets/font-awesome/fontawesome-webfont.woff2
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/assets/feed-83e1a5e00166ed015bf30c5e8e1b731a185dd3ed70d7fd0e1d3de82475c61e9e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
1628fa0825d2d77d656a988b30d807cdbe314cb1bd4c1a202c44baa0f974e586
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lululemon-track.creativedrive.com/assets/feed-83e1a5e00166ed015bf30c5e8e1b731a185dd3ed70d7fd0e1d3de82475c61e9e.css
Origin
https://lululemon-track.creativedrive.com
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Runtime
0.006697
Date
Tue, 21 May 2024 04:45:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Server
nginx
ETag
"3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Cache-Control
no-store
Connection
keep-alive
Content-Length
64464
X-XSS-Protection
1; mode=block
X-Request-Id
7e699823-cc16-4320-85dd-7453f144a881
auth_configs
lululemon-track.creativedrive.com/api/
227 B
2 KB
XHR
General
Full URL
https://lululemon-track.creativedrive.com/api/auth_configs
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/assets/feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
92fd0b9c05d8a8284f2a53618dda6b468b7a50483c7fe2b5ae0fef44e69dcb60
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-CSRF-Token
+FI5BDUi2PEHOeYNpdFPZXDhQ3+ec2iVHKcaTTXzNdOJjw6AWNQ/IRBVCerNmCa6ps8tTr/eYMPc93HPu5MwGg==
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://lululemon-track.creativedrive.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

X-Runtime
0.009241
Date
Tue, 21 May 2024 04:45:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Server
nginx
ETag
W/"cfd678e74591f3d1e10d641caceab4fb"
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
no-store
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
d8e70fc6-f846-4000-a199-07a235b6cac4
auth_configs
lululemon-track.creativedrive.com/api/
227 B
2 KB
XHR
General
Full URL
https://lululemon-track.creativedrive.com/api/auth_configs
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/assets/feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
92fd0b9c05d8a8284f2a53618dda6b468b7a50483c7fe2b5ae0fef44e69dcb60
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-CSRF-Token
+FI5BDUi2PEHOeYNpdFPZXDhQ3+ec2iVHKcaTTXzNdOJjw6AWNQ/IRBVCerNmCa6ps8tTr/eYMPc93HPu5MwGg==
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://lululemon-track.creativedrive.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

X-Runtime
0.007666
Date
Tue, 21 May 2024 04:45:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Server
nginx
ETag
W/"cfd678e74591f3d1e10d641caceab4fb"
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
no-store
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
d5384bdd-e91f-4f94-b6aa-3a27e73c97f9
creative-drive-logo.png
lululemon-track.creativedrive.com/images/feed/
5 KB
7 KB
Other
General
Full URL
https://lululemon-track.creativedrive.com/images/feed/creative-drive-logo.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
a3f9ce32517e6f6ca81c1893f492e14a14288be988218149215bf8e83463e70c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lululemon-track.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Last-Modified
Thu, 08 Feb 2024 20:37:49 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store
Connection
keep-alive
Content-Length
5459
X-XSS-Protection
1; mode=block
current_user
lululemon-track.creativedrive.com/api/cdauth/
32 B
2 KB
XHR
General
Full URL
https://lululemon-track.creativedrive.com/api/cdauth/current_user
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/assets/feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-CSRF-Token
+FI5BDUi2PEHOeYNpdFPZXDhQ3+ec2iVHKcaTTXzNdOJjw6AWNQ/IRBVCerNmCa6ps8tTr/eYMPc93HPu5MwGg==
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://lululemon-track.creativedrive.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

X-Runtime
0.007747
Date
Tue, 21 May 2024 04:45:31 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Server
nginx
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
no-store
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
8882a78d-f72c-40e1-9b4e-4f4e16bd0c86
Primary Request /
my.creativedrive.com/
748 B
3 KB
Document
General
Full URL
https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Requested by
Host: lululemon-track.creativedrive.com
URL: https://lululemon-track.creativedrive.com/assets/feed-f55f279cdbc1826e42b18f3114bcfebcdbe37cdc3c60f42fb4450b786df3c867.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
3be0b5909da87997ee7160f23c1f5f4e2adf510b87374ed528f32b4a8cd62986
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://lululemon-track.creativedrive.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Cache-Control
no-store
Connection
keep-alive
Content-Length
748
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Content-Type
text/html
Date
Tue, 21 May 2024 04:45:32 GMT
ETag
"6646215c-2ec"
Last-Modified
Thu, 16 May 2024 15:08:12 GMT
Referrer-Policy
strict-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/
22 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Requested by
Host: my.creativedrive.com
URL: https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 21 May 2024 04:45:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 21 May 2024 03:10:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 21 May 2024 04:45:32 GMT
main.ed69cbea.js
my.creativedrive.com/static/js/
645 KB
647 KB
Script
General
Full URL
https://my.creativedrive.com/static/js/main.ed69cbea.js
Requested by
Host: my.creativedrive.com
URL: https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
3e10bef018b3c7d9c3320e87def004c7954bd08c74bc8290ee18ce600f3f37b8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:32 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 16 May 2024 15:08:12 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
ETag
"6646215c-a14ca"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
660682
X-XSS-Protection
1; mode=block
main.4d80f5db.css
my.creativedrive.com/static/css/
15 KB
17 KB
Stylesheet
General
Full URL
https://my.creativedrive.com/static/css/main.4d80f5db.css
Requested by
Host: my.creativedrive.com
URL: https://my.creativedrive.com/?redirect=aHR0cHM6Ly9sdWx1bGVtb24tdHJhY2suY3JlYXRpdmVkcml2ZS5jb20=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
b15e87e135c63728e5436bb83dcef7e0928716c3dbb431358197bccc1e741403
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:32 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 16 May 2024 15:08:12 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
ETag
"6646215c-3b70"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15216
X-XSS-Protection
1; mode=block
cd-logo.dd9c940f8e27c7bf6802886bb5664b1d.svg
my.creativedrive.com/static/media/
3 KB
5 KB
Image
General
Full URL
https://my.creativedrive.com/static/media/cd-logo.dd9c940f8e27c7bf6802886bb5664b1d.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e5c0e4f42f11388efa4afea4bf40beb9b8f30bafd5adcbde7ee30b3dfbf2fb93
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:33 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 16 May 2024 15:08:12 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
ETag
"6646215c-d02"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3330
X-XSS-Protection
1; mode=block
login-page-bg.09a3b421e7405a195c5e.jpg
my.creativedrive.com/static/media/
38 KB
40 KB
Image
General
Full URL
https://my.creativedrive.com/static/media/login-page-bg.09a3b421e7405a195c5e.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
6008e441ccf34c2ce28edbff73a0f2e5e97eca0e5298f76d184cd400a3e10ec1
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:33 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 16 May 2024 15:08:12 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
ETag
"6646215c-9896"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
39062
X-XSS-Protection
1; mode=block
favicon.ico
my.creativedrive.com/
1 KB
3 KB
Other
General
Full URL
https://my.creativedrive.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
468c6588e396df2a16cf3999bf887b8fc110dbafb50ad201daa84fff10a07be7
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:33 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Thu, 16 May 2024 15:07:11 GMT
Server
nginx
Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.creativedrive.com:8443 https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
ETag
"6646211f-47e"
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Cache-Control
no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1150
X-XSS-Protection
1; mode=block
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://my.creativedrive.com
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 00:50:53 GMT
x-content-type-options
nosniff
age
14080
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 21 May 2025 00:50:53 GMT
my.creativedrive.com
my-api.creativedrive.com/api/v2/ui/domain/
211 B
2 KB
XHR
General
Full URL
https://my-api.creativedrive.com/api/v2/ui/domain/my.creativedrive.com
Requested by
Host: my.creativedrive.com
URL: https://my.creativedrive.com/static/js/main.ed69cbea.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
20.80.10.136 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
0ea2b3b3ead9492a41c5b69fc9e5e7ffb7eb5ab7dae8032f7b91b645b956ecc4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' https://fonts.googleapis.com 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://my.creativedrive.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Server
nginx
Content-Security-Policy
default-src 'self' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://js-agent.newrelic.com https://fonts.googleapis.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; frame-src 'self' https://*.hotjar.com blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; style-src-elem 'self' https://fonts.googleapis.com 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'none';
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://my.creativedrive.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
Content-Length
211
X-XSS-Protection
1; mode=block
login.mp4
account-02-production.s3.amazonaws.com/
2 MB
0
Media
General
Full URL
https://account-02-production.s3.amazonaws.com/login.mp4
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.216.60.41 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://my.creativedrive.com/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 21 May 2024 04:45:35 GMT
Last-Modified
Thu, 04 May 2023 14:14:25 GMT
Server
AmazonS3
x-amz-request-id
EHP9M6N4SKZ1MK6N
ETag
"606d5fef197b07b9670a71ffc515beb5"
x-amz-server-side-encryption
AES256
Content-Type
video/mp4
x-amz-storage-class
STANDARD_IA
Content-Range
bytes 0-4647367/4647368
Accept-Ranges
bytes
Content-Length
4647368
x-amz-id-2
fp9Uk4oc74H3hUZziM23uAWEnmMxxNCm3G0yiAR2TUebs1ZcsJW/AvifV6UnKZj/P/Pzb4l5Hqw=

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkauthui string| __reactRouterVersion object| FontAwesomeConfig object| ___FONT_AWESOME___ function| _

4 Cookies

Domain/Path Name / Value
lululemon-track.creativedrive.com/ Name: sni-azus-prod-ext.accenture.com
Value: !5yfzcyywMKbIv5uWuZTZRHOzZ3ZgkZnr8zuhMg7bGFO/Jwlier/beMt5LB1u8P7YpncaLOCj4r6UcH16yUWEpIS/gX1UzqTikggxnbEX
lululemon-track.creativedrive.com/ Name: _sandbox-prm_session
Value: N1FmR3NBRzRDVVZIL1N1SEVlYmRSNXVYenYyUzBMSEVmaGFiNzdIMEM4bVFWRjhOQ2xUSnFYVUNtRkpEQjhoM0xGdng1UFdwcmh4RGZiQ3dCMjJ0c1RSbUhnYVlQTEVqd1pMcDJ6OW5VODBVYUlnbzcySkthT3gvajJFQ1dhWllocEJKVDJLQTJpZlNYbk1BV1UwUlN3PT0tLWJzSURTckNUeTFrSmpnMkpUbC9wZ2c9PQ%3D%3D--1816d39e68bd81e2fbc839529bf4b172b595d055
my.creativedrive.com/ Name: sni-azus-prod-ext.accenture.com
Value: !9JlPmo7EKJq2DBGWuZTZRHOzZ3ZgkehrxxkyCXE4jwKJwDbeI0r2oks0BKBDE4nKOzjPbV2nQ/Lg4O1fVGjXThztVhRF194SessRg8xt
my-api.creativedrive.com/ Name: sni-azus-prod-ext.accenture.com
Value: !p/meavTBaelOn3OWuZTZRHOzZ3ZgkbmXSdgfeY9X23TXPMrbYCg13OZ9eUHv29mFBzSf6a5pUy242qA=

1 Console Messages

Source Level URL
Text
network error URL: https://lululemon-track.creativedrive.com/api/cdauth/current_user
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amazonaws.com https://cdwalmart.blob.core.windows.net https://*.creativedrive.com wss://*.creativedrive.com https://*.accenture.com wss://*.accenture.com https://*.nr-data.net https://*.hotjar.com; script-src 'self' https://*.hotjar.com https://s3.amazonaws.com https://www.googletagmanager.com https://bam.nr-data.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googleadservices.com https://storage.googleapis.com https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-src https://*.hotjar.com 'self' blob:; media-src 'self' https://*.s3.amazonaws.com https://*.creativedrive.com https://*.accenture.com data:; font-src 'self' data:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block