urlscan.io logo urlscan.io
SecurityTrails logo

dashboard.pantheon.io Open in urlscan Pro
34.68.105.172  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dashboard.pantheon.io/
Effective URL: https://dashboard.pantheon.io/login
Submission: On September 12 via api from US — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 34.68.105.172, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is dashboard.pantheon.io. The Cisco Umbrella rank of the primary domain is 357597.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on June 6th 2023. Valid for: a year.
This is the only time dashboard.pantheon.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 34.68.105.172 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
4 108.138.2.211 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
8 4
Apex Domain
Subdomains		 Transfer
4 cloudfront.net
d2ugos9k6fcl0x.cloudfront.net
4 MB
2 gstatic.com
fonts.gstatic.com
57 KB
2 pantheon.io
dashboard.pantheon.io — Cisco Umbrella Rank: 357597
6 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 56
1 KB
8 4
Domain Requested by
4 d2ugos9k6fcl0x.cloudfront.net dashboard.pantheon.io
d2ugos9k6fcl0x.cloudfront.net
2 fonts.gstatic.com fonts.googleapis.com
2 dashboard.pantheon.io 1 redirects
1 fonts.googleapis.com dashboard.pantheon.io
8 4

This site contains links to these domains. Also see Links.

Domain
pantheon.io
Subject Issuer Validity Valid
pantheonsite.io
Sectigo RSA Organization Validation Secure Server CA		 2023-06-06 -
2024-07-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-08-14 -
2023-11-06		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-08-14 -
2023-11-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://dashboard.pantheon.io/login
Frame ID: 2702B4913E9EC756EEA0864B97B6393C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Please Login - Pantheon DashboardPantheon Logo

Page URL History Show full URLs

  1. https://dashboard.pantheon.io/ HTTP 302
    https://dashboard.pantheon.io/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

4007 kB
Transfer

11532 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dashboard.pantheon.io/ HTTP 302
    https://dashboard.pantheon.io/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
dashboard.pantheon.io/
Redirect Chain
  • https://dashboard.pantheon.io/
  • https://dashboard.pantheon.io/login
11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dashboard.pantheon.io/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.68.105.172 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
172.105.68.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8c81b5ab6e269dba45f99a704f2e3a3de14ff28615b6a5869e20391a16f077ad
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
fr-FR,fr;q=0.9

Response headers

Access-Control-Allow-Headers
Origin, Content-Type, Accept
Access-Control-Allow-Methods
GET
Cache-Control
private, max-age=0, no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Sep 2023 15:35:34 GMT
ETag
W/"kYzGNqlX69Ov0+7Bj/ERJQ=="
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
deny DENY
X-Pantheon-Trace-Id
0379db20-5182-11ee-a0c8-d1a1d20a7aaa
X-XSS-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Headers
Origin, Content-Type, Accept
Access-Control-Allow-Methods
GET
Cache-Control
private, max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
56
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Sep 2023 15:35:33 GMT
Location
/login
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept, Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
deny DENY
X-Pantheon-Trace-Id
03673d80-5182-11ee-a0c8-d1a1d20a7aaa
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600,400,700,400italic
Requested by
Host: dashboard.pantheon.io
URL: https://dashboard.pantheon.io/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e92acc863cc429072c2b2bae2b8270823a14572741bbd480d1b77065c1473436
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://dashboard.pantheon.io/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Sep 2023 15:35:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Tue, 12 Sep 2023 15:35:34 GMT
application.css
d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/ 		497 KB
171 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/application.css?cache=af4bce62faebb2063829f52a7de57f21ff31c2db
Requested by
Host: dashboard.pantheon.io
URL: https://dashboard.pantheon.io/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.2.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-2-211.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
57cedb11b004fad977a4dbb3278186e45d9408deb68b7f241aea5711e5ccfa19
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny, DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://dashboard.pantheon.io/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 11 Sep 2023 22:52:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA56-P6
age
60178
via
1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-pantheon-trace-id
e6fcc980-50f5-11ee-9307-d345ddbc562a
last-modified
Mon, 11 Sep 2023 22:16:44 GMT
server
nginx
etag
W/"7c58c-3433697034"
x-frame-options
deny, DENY
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
x-amz-cf-id
Xf7Zin3zMzo6z8jfTvAH3YVtCxXx6xHaV6vPVIRXowJzRlXMcYLLPQ==
vendor.js
d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/javascripts/ 		11 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/javascripts/vendor.js?cache=af4bce62faebb2063829f52a7de57f21ff31c2db
Requested by
Host: dashboard.pantheon.io
URL: https://dashboard.pantheon.io/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.2.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-2-211.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
212dad851421abfbeaaba960beeecd0fecea957fdf4ef6c28270e93bc7819a3d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny, DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://dashboard.pantheon.io/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 11 Sep 2023 22:52:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA56-P6
age
60178
via
1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-pantheon-trace-id
e6fc7b60-50f5-11ee-95d3-a341d753504a
last-modified
Mon, 11 Sep 2023 22:16:44 GMT
server
nginx
etag
W/"ab2138-3433697034"
x-frame-options
deny, DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
q9EGw1oLfzWi7C0FrYBE2j-sAVtjen3q03pqvMaM11qzf62HPr_Nkw==
authentication.js
d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/javascripts/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/javascripts/authentication.js?cache=af4bce62faebb2063829f52a7de57f21ff31c2db
Requested by
Host: dashboard.pantheon.io
URL: https://dashboard.pantheon.io/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.2.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-2-211.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
57220f361d902f84594ea20297f95539c0605da0febd2ddc509f9c0bc4927104
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny, DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://dashboard.pantheon.io/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 11 Sep 2023 22:52:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA56-P6
age
60178
via
1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-pantheon-trace-id
e6fc0630-50f5-11ee-ad86-ef3eb2b6be68
last-modified
Mon, 11 Sep 2023 22:16:43 GMT
server
nginx
etag
W/"a20-3517923250"
x-frame-options
deny, DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-id
PGvjkjbADk7GLfsC7NRnT1-7vluuamL8u7KkzYp6uecprlC0YBmdxg==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v35/ 		42 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600,400,700,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba3783050d8a2d02e1cdc8463b635dc21ac2a84da9ebd33bf362ed83ee53a2b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dashboard.pantheon.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Sat, 09 Sep 2023 05:03:44 GMT
x-content-type-options
nosniff
age
297110
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43120
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:11:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Sep 2024 05:03:44 GMT
i-google.svg
d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/images/icons/ 		893 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/images/icons/i-google.svg
Requested by
Host: d2ugos9k6fcl0x.cloudfront.net
URL: https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/application.css?cache=af4bce62faebb2063829f52a7de57f21ff31c2db
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.2.211 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-2-211.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
81c8a05a17ec737877cd0f47cbfbbbbc4196db857231b1bd7d3cc7f53dadcf13
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny, DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://d2ugos9k6fcl0x.cloudfront.net/assets/dashboard/stylesheets/application.css?cache=af4bce62faebb2063829f52a7de57f21ff31c2db
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 12 Sep 2023 15:35:34 GMT
via
1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
26
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-pantheon-trace-id
a1995840-517c-11ee-9c88-8b1968f331fd
last-modified
Mon, 11 Sep 2023 22:16:44 GMT
server
nginx
etag
W/"37d-3433697034"
x-frame-options
deny, DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=60
x-amz-cf-id
U1BjraaBuZic-gLkbhL_zeo8azScGDvQAtJwEXwKjijgtbfKmD6BQQ==
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewIMSdjE.woff2
fonts.gstatic.com/s/opensans/v35/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v35/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewIMSdjE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600,400,700,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6932e3c95c85a1e703ab9bb5dd6c9d1062bdd38bd04063cc84e7dc94c9cb304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dashboard.pantheon.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 12 Sep 2023 11:45:12 GMT
x-content-type-options
nosniff
age
13822
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14132
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 11 Sep 2024 11:45:12 GMT

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| JSLog function| createCORSRequest function| handleFileSelect function| executeOnSignedUrl function| uploadFile function| uploadToS3 function| setProgress object| hljs function| isArray function| EventEmitter function| require object| async function| _ function| Mousetrap function| moment function| textile object| Raven function| Uri function| SparkMD5 function| $ function| jQuery object| Backbone object| Modernizr object| html5 function| superagent function| request object| pug string| assetVersion object| preloadedData

1 Cookies

Domain/Path Name / Value
dashboard.pantheon.io/ Name: _csrf
Value: IoxpVM3SxAIg8odsoGXiimIf

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny DENY
X-Xss-Protection 1; mode=block