cash.app Open in urlscan Pro
74.122.189.140  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 0lt8li0xnovnajw2b47n9gl5x Show response cash.app/deposit/	4 KB 3 KB	539ms 301ms	Document text/html	74.122.189.140 SQUARE
General Check archive.org Show headers Download Go to Full URL https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.122.189.140 Ashburn, United States, ASN15211 (SQUARE, US), Reverse DNS cashbycashapp.com Software / Resource Hash 7a3977657cfb4516873ecd5e9cd60b8209ec6e75193b093da9e140ec6248b0cb Security Headers Name Value Content-Security-Policy default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; img-src 'self' data: https://images-production-f.squarecdn.com https://images-production-s.squarecdn.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com; frame-src 'self' https://www.google.com https://www.google.ca https://cash.me https://square.com squarecash:; object-src 'none'; script-src 'nonce-W5oYqR03x7nwERN6zxdijw==' 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://maps.googleapis.com squarecash:; base-uri 'none'; report-uri /event/csp-report Strict-Transport-Security max-age=631152000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :method GET :authority cash.app :scheme https :path /deposit/0lt8li0xnovnajw2b47n9gl5x pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 22 Jul 2021 14:41:15 GMT frame-options SAMEORIGIN x-frame-options SAMEORIGIN x-content-type-options nosniff x-xss-protection 1; mode=block set-cookie __nsid=d30a675f-c2e3-421c-95d2-b82e671197ce; Expires=Fri, 22-Jul-2022 14:41:15 GMT; Max-Age=31536000; Secure; HttpOnly expires Thu, 01 Jan 1970 00:00:00 GMT content-type text/html; charset=UTF-8; charset=utf-8 cache-control no-cache content-security-policy default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; img-src 'self' data: https://images-production-f.squarecdn.com https://images-production-s.squarecdn.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com; frame-src 'self' https://www.google.com https://www.google.ca https://cash.me https://square.com squarecash:; object-src 'none'; script-src 'nonce-W5oYqR03x7nwERN6zxdijw==' 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://maps.googleapis.com squarecash:; base-uri 'none'; report-uri /event/csp-report vary Accept-Encoding, User-Agent content-encoding gzip strict-transport-security max-age=631152000; includeSubDomains; preload
GET H2	200	cash-market-rounded-medium.woff2 cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/fonts/cashmarket/	35 KB 35 KB	99ms 29ms	Font application/octet-stream	151.101.13.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/fonts/cashmarket/cash-market-rounded-medium.woff2 Requested by Host: cash.app URL: https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.13.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3 Request headers Origin https://cash.app Referer https://cash.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-amz-version-id ak54geWfFsKomna8RsT15mQhaKdg7y.8 content-encoding gzip etag "bb0a7911452d2d17b9bcf766d63e2602" age 37052 via 1.1 varnish x-cache HIT content-length 36116 x-amz-id-2 YBe6if4YXtNSFyNP0id38OYDS580eRtzgvnzVIk85augwHP3EV+jyd32wFgJ2zsNY+TxW/ncUh4= x-served-by cache-fra19170-FRA last-modified Tue, 20 Jul 2021 16:03:11 GMT server AmazonS3 x-timer S1626964875.444623,VS0,VE1 date Thu, 22 Jul 2021 14:41:15 GMT x-amz-request-id PREZFD5NBTNF9KC8 access-control-allow-origin * expires Thu, 20 Jul 2023 15:53:51 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 1
GET H2	200	cash-market-rounded-regular.woff2 cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/fonts/cashmarket/	33 KB 33 KB	98ms 29ms	Font application/octet-stream	151.101.13.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/fonts/cashmarket/cash-market-rounded-regular.woff2 Requested by Host: cash.app URL: https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.13.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b Request headers Origin https://cash.app Referer https://cash.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-amz-version-id Yuy9.hj465GmeH.5nTZriQopAGtUlLgT content-encoding gzip etag "438232647d9913a48305142c9fe7721b" age 167090 via 1.1 varnish x-cache HIT content-length 33725 x-amz-id-2 J8lgfrH8gR6W6/Co12MygRYviYLlN44DcOPLrvLlFAMglbG9wLG56xzsAvqAsPFCj2irxvVlIBw= x-served-by cache-fra19170-FRA last-modified Tue, 20 Jul 2021 16:03:11 GMT server AmazonS3 x-timer S1626964875.444617,VS0,VE1 date Thu, 22 Jul 2021 14:41:15 GMT x-amz-request-id XAX81NRA0DRP8H3Y access-control-allow-origin * expires Thu, 20 Jul 2023 15:53:51 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 1
GET H2	200	deposit.js Show response cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/	420 KB 137 KB	98ms 29ms	Script application/javascript	151.101.13.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/deposit.js Requested by Host: cash.app URL: https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.13.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 60ac2f0357b7a09b64e639afe637b88d8e812270f17cb5d946a0cf42be1a4ebd Request headers Origin https://cash.app Referer https://cash.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-amz-version-id hkpgNpWOYC8vKmzcP7.FFpfQFTgnUXn3 content-encoding gzip etag "f8d0d052f27fa3f08a56f9e7136155c0" age 144764 via 1.1 varnish x-cache HIT content-length 139380 x-amz-id-2 IP37eLSPNxxGtxUmv+ZluEqPBdCoy1e95y/PMEefCGT582YCi63/ioeC+Tcfe+2N/3WeZzjZ6oA= x-served-by cache-fra19170-FRA last-modified Tue, 20 Jul 2021 16:03:12 GMT server AmazonS3 x-timer S1626964875.444582,VS0,VE2 date Thu, 22 Jul 2021 14:41:15 GMT vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method access-control-allow-methods GET x-amz-request-id WRPH6CXHJR33PYSZ access-control-allow-origin * expires Thu, 20 Jul 2023 15:53:51 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/javascript x-cache-hits 1
POST H2	204	eventstream2 Show response cash.app/event/	0 756 B	113ms 112ms	Fetch	74.122.189.140 SQUARE
General Check archive.org Show headers Download Go to Full URL https://cash.app/event/eventstream2 Requested by Host: cash-f.squarecdn.com URL: https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/deposit.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 74.122.189.140 Ashburn, United States, ASN15211 (SQUARE, US), Reverse DNS cashbycashapp.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; img-src 'self' data: https://images-production-f.squarecdn.com https://images-production-s.squarecdn.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com; frame-src 'self' https://www.google.com https://www.google.ca https://cash.me https://square.com squarecash:; object-src 'none'; script-src 'nonce-GeUCHp+fPLDb0kjFpC3oGQ==' 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://maps.googleapis.com squarecash:; base-uri 'none'; report-uri /event/csp-report Strict-Transport-Security max-age=631152000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-fetch-mode cors origin https://cash.app accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-dest empty content-length 335 :path /event/eventstream2 pragma no-cache x-request-signature v1=SbmM7Qjz5KDgCaoY4f45uE2g19c/mNMi7Im30qqCE6Q= content-type application/json accept */* cache-control no-cache x-request-uuid 6a7a1fb0-df35-432a-a407-6c967496ba27 :authority cash.app referer https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x :scheme https sec-fetch-site same-origin :method POST X-Request-Signature v1=SbmM7Qjz5KDgCaoY4f45uE2g19c/mNMi7Im30qqCE6Q= Referer https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x X-Request-UUID 6a7a1fb0-df35-432a-a407-6c967496ba27 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/json Response headers date Thu, 22 Jul 2021 14:41:15 GMT x-content-type-options nosniff frame-options SAMEORIGIN x-frame-options SAMEORIGIN strict-transport-security max-age=631152000; includeSubDomains; preload cache-control no-cache content-security-policy default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; img-src 'self' data: https://images-production-f.squarecdn.com https://images-production-s.squarecdn.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com; frame-src 'self' https://www.google.com https://www.google.ca https://cash.me https://square.com squarecash:; object-src 'none'; script-src 'nonce-GeUCHp+fPLDb0kjFpC3oGQ==' 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://maps.googleapis.com squarecash:; base-uri 'none'; report-uri /event/csp-report set-cookie __nsid=22b11ba3-23f8-4102-9344-20721da1794a; Expires=Fri, 22-Jul-2022 14:41:15 GMT; Max-Age=31536000; Secure; HttpOnly x-xss-protection 1; mode=block expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	icon-cash-app-glyph.svg cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/images/region/us/	782 B 871 B	81ms 27ms	Image image/svg+xml	151.101.13.49 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/assets/images/region/us/icon-cash-app-glyph.svg Requested by Host: cash.app URL: https://cash.app/deposit/0lt8li0xnovnajw2b47n9gl5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.13.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 97b48faea270da8fad705517983cfa6717e1e3315bf20e0cb968f27c25d49a16 Request headers Referer https://cash.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-amz-version-id D0TpzRIU7bhJZYWLhiiZdXShMiijyMG2 content-encoding gzip etag "de747c84f60792a79a7b70510a3e3581" age 166058 via 1.1 varnish x-cache HIT content-length 453 x-amz-id-2 EUdyha9xgWZ+9fxGzW2b7Y8muWY+2/HeqryE9y4dbMeYGFJJnszY/sLW+z8XI9SIAoo+B9aa0A0= x-served-by cache-fra19140-FRA last-modified Tue, 20 Jul 2021 16:03:12 GMT server AmazonS3 x-timer S1626964876.637686,VS0,VE1 date Thu, 22 Jul 2021 14:41:15 GMT x-amz-request-id T9GBC33DSRE7P2CM access-control-allow-origin * expires Thu, 20 Jul 2023 15:53:51 GMT cache-control max-age=630720000, public accept-ranges bytes content-type image/svg+xml x-cache-hits 1

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| cdn string| countryGuess object| bootstrap object| scCGSHMRCache function| toHmacSHA256 function| toSHA256 function| toBase64

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cash.app/deposit	1970-01-20 04:41:40	Name: __nsid Value: d30a675f-c2e3-421c-95d2-b82e671197ce

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://cash-f.squarecdn.com/preact/8f78e7f939dbda67cbe88e48f8e472da6c4e6f09/deposit.js(Line 23) Message: An error occured with events.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com; img-src 'self' data: https://images-production-f.squarecdn.com https://images-production-s.squarecdn.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com; frame-src 'self' https://www.google.com https://www.google.ca https://cash.me https://square.com squarecash:; object-src 'none'; script-src 'nonce-W5oYqR03x7nwERN6zxdijw==' 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://maps.googleapis.com squarecash:; base-uri 'none'; report-uri /event/csp-report
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cash-f.squarecdn.com
cash.app
151.101.13.49
74.122.189.140
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
60ac2f0357b7a09b64e639afe637b88d8e812270f17cb5d946a0cf42be1a4ebd
7a3977657cfb4516873ecd5e9cd60b8209ec6e75193b093da9e140ec6248b0cb
97b48faea270da8fad705517983cfa6717e1e3315bf20e0cb968f27c25d49a16
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855