dashboard.pluralonline.com Open in urlscan Pro
2600:9000:2490:e000:0:4cf0:1c00:93a1  Public Scan

URL: https://dashboard.pluralonline.com/
Submission: On July 11 via manual from IN — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 22 HTTP transactions. The main IP is 2600:9000:2490:e000:0:4cf0:1c00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is dashboard.pluralonline.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 1st 2022. Valid for: a year.
This is the only time dashboard.pluralonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
16 2600:9000:249... 16509 (AMAZON-02)
3 3.108.25.150 16509 (AMAZON-02)
22 3
Domain Requested by
16 dashboard.pluralonline.com dashboard.pluralonline.com
3 api.pluralonline.com dashboard.pluralonline.com
0 www.google.com Failed dashboard.pluralonline.com
0 js-agent.newrelic.com Failed dashboard.pluralonline.com
0 d2r1yp2w7bby2u.cloudfront.net Failed dashboard.pluralonline.com
22 5

This site contains no links.

Subject Issuer Validity Valid
www.pluralonline.com
Go Daddy Secure Certificate Authority - G2
2022-10-01 -
2023-09-30
a year crt.sh

This page contains 1 frames:

Primary Page: https://dashboard.pluralonline.com/
Frame ID: 2E78FE50C701C6508DAAC2B6F0425640
Requests: 22 HTTP requests in this frame

Screenshot

Page Title

Welcome to the Plural Dashboard - Accept Online Payments

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

86 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

689 kB
Transfer

2852 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
dashboard.pluralonline.com/
6 KB
4 KB
Document
General
Full URL
https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
06021956fbceede36afaabd99e9760afa4267f2db8cb0db927cf73bebd6bc6f8
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
63514
content-encoding
gzip
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html
date
Mon, 10 Jul 2023 18:49:16 GMT
etag
W/"8c3a40b590a4542f7a98790419665976"
last-modified
Tue, 30 May 2023 13:43:36 GMT
permissions-policy
none
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
x-amz-cf-id
W0aAc9lhruzRrzIEgODYkfEfEFmFGoo1qaTIYbrETCr-AMzHtiFcMg==
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
sameorigin
jquery.mCustomScrollbar.css
dashboard.pluralonline.com/css/
52 KB
6 KB
Stylesheet
General
Full URL
https://dashboard.pluralonline.com/css/jquery.mCustomScrollbar.css
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f3a9cb6e8356258ed208862d763a3c5e5cd5cdea0c7a55420d76be3ceb55f2b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:30 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
21
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:34 GMT
server
AmazonS3
etag
W/"3c98d8210bba903c522c419d586bc395"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
text/css
permissions-policy
none
x-amz-cf-id
px2roWs974x5aop5oCJCLu3uwIUJalLjHrpGlk8wdDJ-fdp_KPPb2A==
new-relic-script.js
dashboard.pluralonline.com/
28 KB
10 KB
Script
General
Full URL
https://dashboard.pluralonline.com/new-relic-script.js
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
332fa5a40211524dca7db3aeeced986e8539695c64748ca71b4a6bafabf6565f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 20:20:11 GMT
content-encoding
gzip
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
58060
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:36 GMT
server
AmazonS3
etag
W/"0a44c6361aea8194067888ea1b3b81a8"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
permissions-policy
none
x-amz-cf-id
Hap8n6Ye2LJnrONglRAN37qP-vo-eha4d1DigdSOGR-kYNjxTfYaNw==
14.7fd4c28b.chunk.css
dashboard.pluralonline.com/static/css/
552 KB
79 KB
Stylesheet
General
Full URL
https://dashboard.pluralonline.com/static/css/14.7fd4c28b.chunk.css
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a0c95980665816bb94c3183a5d13f5debbe9eb066c227f4c8f041ef0c92816f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:30 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
21
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:36 GMT
server
AmazonS3
etag
W/"b95a0e9cbf66527c822a0dcf336963a8"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
text/css
permissions-policy
none
x-amz-cf-id
_6GiIsu9lM2wohJRsocshn3LuW-lOAN_U9C4MWO4qLmSJhjb2IYDmQ==
main.7c943c44.chunk.css
dashboard.pluralonline.com/static/css/
55 KB
10 KB
Stylesheet
General
Full URL
https://dashboard.pluralonline.com/static/css/main.7c943c44.chunk.css
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
321590cef7e349a366bbd6601cf16336d60840d4ff8db870d30cea3ce5aeb763
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:30 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
21
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:37 GMT
server
AmazonS3
etag
W/"22478e70e65afbff7d26417a2470591b"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
text/css
permissions-policy
none
x-amz-cf-id
kLljYK5GZUgeiIBUjDVIrIJ8lcnFDCHjO0xxma7EgtaaG10tFNHNXg==
14.38b13181.chunk.js
dashboard.pluralonline.com/static/js/
1 MB
370 KB
Script
General
Full URL
https://dashboard.pluralonline.com/static/js/14.38b13181.chunk.js
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0904dc112eaacf089d5bb7ef0c87e8dd0f78cd50d2546c07753188ea81bd5a4a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:30 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
21
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:37 GMT
server
AmazonS3
etag
W/"977b9026f4431ec6e950667e3a055c04"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
permissions-policy
none
x-amz-cf-id
b8ZwYfTqJ1N0ZRWZZJipUoueoJkbBDcYM7mZZWYH677bSkR_6xJfjg==
main.0dba9cee.chunk.js
dashboard.pluralonline.com/static/js/
559 KB
84 KB
Script
General
Full URL
https://dashboard.pluralonline.com/static/js/main.0dba9cee.chunk.js
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9d457612f93fb744c00a18774eb1a15a0796dd9eecd11221c88b841846af326d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 20:17:16 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
58234
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:38 GMT
server
AmazonS3
etag
W/"3db9ddab01d8cd08e42db474b28a1f95"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
permissions-policy
none
x-amz-cf-id
emLj9KUZIX_Clz17NrpnEyiA5aRhvUtgIoNLtRtD-2XVtmAgNBgWmg==
a.js
d2r1yp2w7bby2u.cloudfront.net/js/
0
0

recaptchaKey
api.pluralonline.com/api/v1/dashboard/auth/merchant/recaptcha/
105 B
648 B
XHR
General
Full URL
https://api.pluralonline.com/api/v1/dashboard/auth/merchant/recaptcha/recaptchaKey
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/new-relic-script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.108.25.150 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-108-25-150.ap-south-1.compute.amazonaws.com
Software
/ Express
Resource Hash
19da6dd861f928e4bcf6f395f2ef279faddc289f00cae0dc15aed9326a2af045
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:51 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-powered-by
Express
etag
W/"69-K1fAoluKqTjjQiU8zmLhl4AAYNk"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dashboard.pluralonline.com
access-control-allow-credentials
true
content-length
105
x-xss-protection
0
token
api.pluralonline.com/api/v1/dashboard/auth/merchant/verify/
49 B
784 B
XHR
General
Full URL
https://api.pluralonline.com/api/v1/dashboard/auth/merchant/verify/token
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/new-relic-script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.108.25.150 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-108-25-150.ap-south-1.compute.amazonaws.com
Software
/ Express
Resource Hash
5c78f5c7db831b9cbbb158020c2a7935f5e025200727efa19a311b8a309d5ad9
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:51 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-powered-by
Express
etag
W/"31-6VxSc1+gaHNj47X9h2wjOYmQP3I"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dashboard.pluralonline.com
access-control-allow-credentials
true
content-length
49
x-xss-protection
0
ErrorText
api.pluralonline.com/api/v1/dashboard/transaction/home/
5 KB
6 KB
XHR
General
Full URL
https://api.pluralonline.com/api/v1/dashboard/transaction/home/ErrorText
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/new-relic-script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.108.25.150 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-108-25-150.ap-south-1.compute.amazonaws.com
Software
/ Express
Resource Hash
81e0f694f4436e224d5a18b44396128f77d3f178c98e1be7718d2502ff78475a
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:51 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-powered-by
Express
etag
W/"1554-akYUkpG1A9Ufd2C8CRJj1+yOIHk"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dashboard.pluralonline.com
access-control-allow-credentials
true
content-length
5460
x-xss-protection
0
44.54b9d9ca.chunk.css
dashboard.pluralonline.com/static/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://dashboard.pluralonline.com/static/css/44.54b9d9ca.chunk.css
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a59ce21a3c3583c0805f85781f2bcd292a32e01c64f297cf8cd0a80c4d8eade2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 20:17:19 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
58232
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:37 GMT
server
AmazonS3
etag
W/"9d4a1d7dea1d226cada017a3071d1f71"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
text/css
permissions-policy
none
x-amz-cf-id
KppulKCvpq_i3bEp6DAQY32yfqCmzxTHKjZRJGu_6dhgaCS8D9CMgQ==
44.3338e0b7.chunk.js
dashboard.pluralonline.com/static/js/
6 KB
3 KB
Script
General
Full URL
https://dashboard.pluralonline.com/static/js/44.3338e0b7.chunk.js
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
824aa5b6002c9d99c15da11097c2c0066b538a76dc22237030ddb4b9194ff7bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:32 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
19
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:38 GMT
server
AmazonS3
etag
W/"2117768f22e1b54c0f047e42ffaeeede"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
permissions-policy
none
x-amz-cf-id
8CwbWa9GrpwS8ztm3hEsvyzN3UE3Tr7Eyw0qgVOlVySIJZ8-8XsY0g==
error-background.svg
dashboard.pluralonline.com/images/
65 KB
24 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/error-background.svg
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e0226e40c75cddd66fb8e480462963e32b17d8b7ee0cac92d01772c43d0cc87
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:50 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
19
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:35 GMT
server
AmazonS3
etag
W/"e90ad345352ce8642703e08eedeb3e1a"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
permissions-policy
none
x-amz-cf-id
K0re__5iXy2ZW2ewfUSDKwMqKUu8U0S6iQs001XhW-fVs46K0P42XA==
square-four.svg
dashboard.pluralonline.com/images/
787 B
2 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/square-four.svg
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5e325a3adde3669dd84f1994869b8551916d56ac0970e4b6e3889f781327bab5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 20:17:18 GMT
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains
age
58233
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
787
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:36 GMT
server
AmazonS3
etag
"8c6e4600c3a1338cad5e7c0bba88f3f7"
x-frame-options
sameorigin
content-type
image/svg+xml
permissions-policy
none
accept-ranges
bytes
x-amz-cf-id
h1sMY5WOFJt_0DK9fdQ6C0QyQMvcuh9ZSYLZuAWLraHFGnFMVOTk6w==
loader.gif
dashboard.pluralonline.com/images/
16 KB
17 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/loader.gif
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3a556ca7d2785af70ae685917633284c40a664d35593b6d395d135418bc1784
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:50 GMT
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains
age
19
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
16677
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:35 GMT
server
AmazonS3
etag
"481f04d6bce25d955c9d01a9e7e81923"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/gif
permissions-policy
none
accept-ranges
bytes
x-amz-cf-id
_vvYO2Bezr8Ds-bSVyXaCDKi4yH05bBbU0QISHaAyQ5rnV0CRTQ2nQ==
Indivisible%20Regular.57845c0f.woff
dashboard.pluralonline.com/static/media/
55 KB
56 KB
Font
General
Full URL
https://dashboard.pluralonline.com/static/media/Indivisible%20Regular.57845c0f.woff
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/static/css/main.7c943c44.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
395bb9c0e259f5a96d854f244543672056ce64665c19a295d7507b7a92a990e3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://dashboard.pluralonline.com/static/css/main.7c943c44.chunk.css
Origin
https://dashboard.pluralonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:50 GMT
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains
age
19
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
56412
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:38 GMT
server
AmazonS3
etag
"1437bbbc4e98ddc83388b09c186662de"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
binary/octet-stream
permissions-policy
none
accept-ranges
bytes
x-amz-cf-id
9_2zCNkeM7vGHh_fNEShMu1bEVU5Xxridc0WUWxYIZDd6z923So9SQ==
plural-Logo.svg
dashboard.pluralonline.com/images/
8 KB
4 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/plural-Logo.svg
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0b68484501c6972a7c2b99d91b777500e8f46cebe0a0f58dabde28d1fa7e275c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:50 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
18
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:36 GMT
server
AmazonS3
etag
W/"346a6a2d25df9df7388b7103e979dc0f"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
permissions-policy
none
x-amz-cf-id
6ZiMSn4H3XA5iJWXHQPWX1u7j0M3L5GLAaq6kImI5zWPE6rBdU0vyg==
login-bg.svg
dashboard.pluralonline.com/images/
28 KB
8 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/login-bg.svg
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a528a6efc74b98f7b43d0fbfd86cee62037f31b9b809ecf9ffb83584adc226f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:32 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
18
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:35 GMT
server
AmazonS3
etag
W/"41cc17003055907db9ff1aa5f6884ce7"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
permissions-policy
none
x-amz-cf-id
Pt0YWEuFyQNUmUdsEEBK8_s378m9I8x-9ku2QgkazI59EqLIi4PH4Q==
close-eye.svg
dashboard.pluralonline.com/images/
4 KB
3 KB
Image
General
Full URL
https://dashboard.pluralonline.com/images/close-eye.svg
Requested by
Host: dashboard.pluralonline.com
URL: https://dashboard.pluralonline.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:e000:0:4cf0:1c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
02900dc7066ce1b57fbc87505ea52cb80b3c6b86221b8bb82d2e4109f77caf23
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dashboard.pluralonline.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:27:50 GMT
content-encoding
br
via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
19
x-amz-cf-pop
FRA56-P6
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 May 2023 13:43:35 GMT
server
AmazonS3
etag
W/"01d00f54492edbac4a268b6d8a7d972e"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
permissions-policy
none
x-amz-cf-id
-_IlcRmGhDCuB5xOR3E0-Yk3Cmg2DafbaRE4LQNdbzyRzdPgfkB3Ow==
nr-1209.min.js
js-agent.newrelic.com/
0
0

api.js
www.google.com/recaptcha/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
d2r1yp2w7bby2u.cloudfront.net
URL
https://d2r1yp2w7bby2u.cloudfront.net/js/a.js
Domain
js-agent.newrelic.com
URL
https://js-agent.newrelic.com/nr-1209.min.js
Domain
www.google.com
URL
https://www.google.com/recaptcha/api.js?render=6LfJaOQcAAAAAAB5Bc6aT2RA7yNYf9QT3BM5zYV5

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| NREUM object| newrelic function| __nr_require object| clevertap object| webpackJsonpplural_dashboard object| regeneratorRuntime function| setImmediate function| clearImmediate

0 Cookies

6 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item for feature none. Allowlist item must be *, self, or quoted url.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'none'.
security error URL: https://dashboard.pluralonline.com/
Message:
Refused to load the script 'https://d2r1yp2w7bby2u.cloudfront.net/js/a.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://dashboard.pluralonline.com/new-relic-script.js(Line 1)
Message:
Refused to load the script 'https://js-agent.newrelic.com/nr-1209.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network error URL: https://api.pluralonline.com/api/v1/dashboard/auth/merchant/verify/token
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://dashboard.pluralonline.com/static/js/main.0dba9cee.chunk.js
Message:
Refused to load the script 'https://www.google.com/recaptcha/api.js?render=6LfJaOQcAAAAAAB5Bc6aT2RA7yNYf9QT3BM5zYV5' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.pluralonline.com *.pinepg.in https://www.googletagmanager.com https://www.google-analytics.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.pluralonline.com
d2r1yp2w7bby2u.cloudfront.net
dashboard.pluralonline.com
js-agent.newrelic.com
www.google.com
d2r1yp2w7bby2u.cloudfront.net
js-agent.newrelic.com
www.google.com
2600:9000:2490:e000:0:4cf0:1c00:93a1
3.108.25.150
02900dc7066ce1b57fbc87505ea52cb80b3c6b86221b8bb82d2e4109f77caf23
06021956fbceede36afaabd99e9760afa4267f2db8cb0db927cf73bebd6bc6f8
0904dc112eaacf089d5bb7ef0c87e8dd0f78cd50d2546c07753188ea81bd5a4a
0b68484501c6972a7c2b99d91b777500e8f46cebe0a0f58dabde28d1fa7e275c
19da6dd861f928e4bcf6f395f2ef279faddc289f00cae0dc15aed9326a2af045
1f3a9cb6e8356258ed208862d763a3c5e5cd5cdea0c7a55420d76be3ceb55f2b
321590cef7e349a366bbd6601cf16336d60840d4ff8db870d30cea3ce5aeb763
332fa5a40211524dca7db3aeeced986e8539695c64748ca71b4a6bafabf6565f
395bb9c0e259f5a96d854f244543672056ce64665c19a295d7507b7a92a990e3
5c78f5c7db831b9cbbb158020c2a7935f5e025200727efa19a311b8a309d5ad9
5e325a3adde3669dd84f1994869b8551916d56ac0970e4b6e3889f781327bab5
81e0f694f4436e224d5a18b44396128f77d3f178c98e1be7718d2502ff78475a
824aa5b6002c9d99c15da11097c2c0066b538a76dc22237030ddb4b9194ff7bb
8e0226e40c75cddd66fb8e480462963e32b17d8b7ee0cac92d01772c43d0cc87
9a0c95980665816bb94c3183a5d13f5debbe9eb066c227f4c8f041ef0c92816f
9d457612f93fb744c00a18774eb1a15a0796dd9eecd11221c88b841846af326d
a528a6efc74b98f7b43d0fbfd86cee62037f31b9b809ecf9ffb83584adc226f2
a59ce21a3c3583c0805f85781f2bcd292a32e01c64f297cf8cd0a80c4d8eade2
d3a556ca7d2785af70ae685917633284c40a664d35593b6d395d135418bc1784