cash.app Open in urlscan Pro
151.101.2.132 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cash.app/$RITEPlanInitiative
Submission Tags: falconsandbox
Submission: On December 01 via api (December 1st 2022, 1:34:40 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 151.101.2.132, located in United States and belongs to FASTLY, US. The main domain is cash.app. The Cisco Umbrella rank of the primary domain is 59645.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q1 on March 17th 2022. Valid for: a year.

This is the only time cash.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
6	151.101.129.49 151.101.129.49	54113 (FASTLY) (FASTLY)
9	2

3 151.101.2.132 (United States)

ASN54113 (FASTLY, US)

cash.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.129.49 (United States)

ASN54113 (FASTLY, US)

cash-f.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	squarecdn.com cash-f.squarecdn.com — Cisco Umbrella Rank: 17119	108 KB
3	cash.app cash.app — Cisco Umbrella Rank: 59645	11 KB
9	2

	Domain	Requested by
6	cash-f.squarecdn.com	cash.app
3	cash.app	cash-f.squarecdn.com cash.app
9	2

This site contains no links.

Subject Issuer	Validity	Valid
cash.app GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-17` - `2023-04-18`	a year	crt.sh
*.squarecdn.com Entrust Certification Authority - L1K	`2022-01-18` - `2023-02-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cash.app/$RITEPlanInitiative
Frame ID: A3F472F0C907F02D58602C06B7F6FEE3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pay $RITEPlanInitiative on Cash App

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

119 kB
Transfer

196 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request $RITEPlanInitiative Show response
cash.app/ 3 KB
3 KB 462ms
436ms Document
text/html 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cash.app/$RITEPlanInitiative

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

35c97da4679ef63e39768b18b8a9c7c9439db5bcdd8a73370e790fa64d906f86

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://api.squareup.com https://api.squareupstaging.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data: https://api.cashstaging.app https://api.cash.app; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com https://fonts.gstatic.com; frame-src 'self' .google.com https://www.google.ca https://square.com squarecash: .google.com; script-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com squarecash: https://.googleapis.com https: 'unsafe-eval'; connect-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://broadway.squareup.com https://squareup.com https://.bugsnag.com 'self' https://.googleapis.com .google.com https://*.gstatic.com data: blob:; base-uri 'none'; report-uri /event/csp-report
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-security-policy: default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://api.squareup.com https://api.squareupstaging.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://api.cashstaging.app https://api.cash.app; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com https://fonts.gstatic.com; frame-src 'self' *.google.com https://www.google.ca https://square.com squarecash: *.google.com; script-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com squarecash: https://*.googleapis.com https: 'unsafe-eval'; connect-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://broadway.squareup.com https://squareup.com https://*.bugsnag.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; base-uri 'none'; report-uri /event/csp-report
content-type: text/html; charset=UTF-8; charset=utf-8
date: Thu, 01 Dec 2022 13:34:36 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
frame-options: SAMEORIGIN
strict-transport-security: max-age=631152000; includeSubDomains; preload
vary: Accept-Encoding, User-Agent
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-served-by: cache-fra-eddf8230075-FRA
x-sq-dc: iad3b
x-sq-region: iad3b
x-timer: S1669901676.149054,VS0,VE429
x-xss-protection: 1; mode=block

GET
H2 200 cash-market-rounded-medium.woff2
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/ 35 KB
35 KB 58ms
15ms Font
font/woff2 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/cash-market-rounded-medium.woff2
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3

Request headers

Referer: https://cash.app/
Origin: https://cash.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: Yqv0qyXo8s4cPo7VNmQY0jfbI2Ge4ZLI
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: 5NW962QE1K7NQA54
age: 37399
x-cache: HIT
content-length: 36116
x-amz-id-2: B1aGQVGEazHVQMOXvj5nR6fKdfuloyUJuPevcI/bmbiUVMJZ9ShyGj9JlvP5VKgYPRGMuRpQEgY=
x-served-by: cache-fra-eddf8230120-FRA
last-modified: Tue, 29 Nov 2022 18:27:17 GMT
server: AmazonS3
x-timer: S1669901677.632134,VS0,VE2
etag: "c46130d7d9a1a43958ac8d65e8eef432"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 cash-market-rounded-regular.woff2
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/ 33 KB
33 KB 51ms
8ms Font
font/woff2 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/cash-market-rounded-regular.woff2
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

Request headers

Referer: https://cash.app/
Origin: https://cash.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: ZMQn.NcWulJGYWaW3awGfykBItaj9ZvC
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: 3RBGAGXJAVN5P6RD
age: 50779
x-cache: HIT
content-length: 33725
x-amz-id-2: 1NG5TQAzqBuO96ltRsR6O9iqSK2/jRufJPioc2QAPDaT+QqDXTYnlS2RXSm5uJIGUv3DoEm0aYw=
x-served-by: cache-fra-eddf8230120-FRA
last-modified: Tue, 29 Nov 2022 18:27:17 GMT
server: AmazonS3
x-timer: S1669901677.632372,VS0,VE1
etag: "f45887f9a456b85a1ddced956dc4cd19"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 cashtag.js Show response
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/ 112 KB
37 KB 35ms
9ms Script
application/javascript 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/cashtag.js
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a3c91f08ad27e68a0c2a226685127b9b615dd7619111cc1489e8f3eeef5e0fa2

Request headers

Referer: https://cash.app/
Origin: https://cash.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: gAh92YLbxtUORETLx4DSM2XFSZidG4VP
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: CFHGK06EVH7XNBC0
age: 137706
x-cache: HIT
content-length: 37685
x-amz-id-2: upo/DjG5z1UxRosHo/9JkbT/WF1VKFCxIR7GDyTjMC73difg5m4rAFYhPojMuyYl690S2z8iQ7A=
x-served-by: cache-fra-eddf8230120-FRA
last-modified: Tue, 29 Nov 2022 18:27:18 GMT
server: AmazonS3
x-timer: S1669901677.632347,VS0,VE1
etag: "d70698cf81b7190b9473bd17765d6f0d"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

POST
H2 204 eventstream2 Show response
cash.app/event/ 0
64 B 105ms
104ms Fetch 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cash.app/event/eventstream2

Requested by

Host: cash-f.squarecdn.com
URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/cashtag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cash.app/$RITEPlanInitiative
X-Request-UUID: 7a87d21f-bac3-49cf-bcd3-ec5e280eef3d
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
X-Request-Signature: v1=JF3Qyc6AQFx0Un8a6csdxjAHfisBCDkAbzuCScbnnmU=
Content-Type: application/json

Response headers

x-served-by: cache-fra-eddf8230075-FRA
strict-transport-security: max-age=631152000; includeSubDomains; preload
date: Thu, 01 Dec 2022 13:34:36 GMT
x-content-type-options: nosniff
frame-options: SAMEORIGIN
x-sq-dc: iad3b
via: 1.1 varnish
x-timer: S1669901677.685158,VS0,VE98
x-frame-options: SAMEORIGIN
x-cache: MISS
cache-control: no-cache
x-sq-region: iad3b
accept-ranges: bytes
x-xss-protection: 1; mode=block
x-cache-hits: 0

GET
H2 200 icon-cash-app-reverse.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/region/us/ 823 B
683 B 25ms
10ms Image
image/svg+xml 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/region/us/icon-cash-app-reverse.svg
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bc951017ad4a2f1051a57e38591da7bc094194bc6d4d318224b72215f43a101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cash.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: kRHP1pf7SIw3k7pBbWFcw.XCqO19hSGJ
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: JXHM5M2EH7QJBRV5
age: 146555
x-cache: HIT
content-length: 477
x-amz-id-2: lRGl7e9AA1YontM9XebiyzFsSd/1CHdOoEgyk9QZMeDkdYayk3RVNzsTYDtzvB2A6wVwxe1WR28=
x-served-by: cache-fra-eddf8230122-FRA
last-modified: Tue, 29 Nov 2022 18:27:18 GMT
server: AmazonS3
x-timer: S1669901677.700342,VS0,VE3
etag: "28a5b23a6d70d9e864eb8c87c03031d0"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 $RITEPlanInitiative
cash.app/qr/ 11 KB
9 KB 394ms
393ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cash.app/qr/$RITEPlanInitiative?size=288&margin=0

Requested by

Host: cash.app
URL: https://cash.app/$RITEPlanInitiative

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6a79bc252cf68e3e99f923c67581a4bc0a3427d2d8b4ccddf099fc9a3ff7380a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cash.app/$RITEPlanInitiative
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Fri, 01 Dec 2023 13:34:37 GMT
strict-transport-security: max-age=631152000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
frame-options: SAMEORIGIN
x-sq-dc: iad3b
date: Thu, 01 Dec 2022 13:34:37 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-sq-region: iad3b
content-length: 8668
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230075-FRA
last-modified: Thu, 01 Dec 2022 13:34:37 GMT
x-timer: S1669901677.685403,VS0,VE387
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, User-Agent
content-type: image/png
cache-control: public,max-age=31536000
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 apple-logo.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/ 902 B
768 B 31ms
19ms Image
image/svg+xml 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/apple-logo.svg
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbd8f8b95605d12519781df739907d5607bd6fd66b231ea3c36f5036a2895692

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cash.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: Zv7NHrtX.wjDQ32Lhp7rC4BooEHryho3
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: XHQAX7Y65HDFQ37A
age: 146454
x-cache: HIT
content-length: 538
x-amz-id-2: 2k5nQKuCkMKzg4Et3zZGP7wIp3HJp5LfCIIeVh9F+8MN8eIevUu9tK6tl/PQzkQosGmuXu5s83o=
x-served-by: cache-fra-eddf8230122-FRA
last-modified: Tue, 29 Nov 2022 18:27:17 GMT
server: AmazonS3
x-timer: S1669901677.700455,VS0,VE12
etag: "f5bd42004081c64d59e127549e60721e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 play-store.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/ 470 B
752 B 20ms
8ms Image
image/svg+xml 151.101.129.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/play-store.svg
Requested by: Host: cash.app
URL: https://cash.app/$RITEPlanInitiative
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0b6c190851b71f99a5dbb64e691b6227c1454dfcb8dbd5e784c857dd048495d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cash.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

expires: Thu, 28 Nov 2024 18:25:36 GMT
x-amz-version-id: 6sWvyWo8Ji2NQfIj2fr7BADNXHfWmBq2
content-encoding: gzip
via: 1.1 varnish
date: Thu, 01 Dec 2022 13:34:36 GMT
x-amz-request-id: YX1KP1P9441P7HKE
age: 45801
x-cache: HIT
content-length: 319
x-amz-id-2: GEP4T/aM6v38rQla4XMj3E3KEcIa4JykEAMB7/Gv/jFtN65XZy7AjAdphr2JZEX64m0q1mk3x1E=
x-served-by: cache-fra-eddf8230122-FRA
last-modified: Tue, 29 Nov 2022 18:27:18 GMT
server: AmazonS3
x-timer: S1669901677.700456,VS0,VE1
etag: "6dcca71361b07c7120f11e01be731248"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=630720000, public
accept-ranges: bytes
x-cache-hits: 1

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cash.app/	1970-01-20 16:37:17	Name: __nsid Value: eb4af205-ff52-4f08-b5f6-dc3262a09b6c

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://api.squareup.com https://api.squareupstaging.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data: https://api.cashstaging.app https://api.cash.app; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com https://fonts.gstatic.com; frame-src 'self' .google.com https://www.google.ca https://square.com squarecash: .google.com; script-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com squarecash: https://.googleapis.com https: 'unsafe-eval'; connect-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://broadway.squareup.com https://squareup.com https://.bugsnag.com 'self' https://.googleapis.com .google.com https://*.gstatic.com data: blob:; base-uri 'none'; report-uri /event/csp-report
Strict-Transport-Security	max-age=631152000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cash-f.squarecdn.com
cash.app
151.101.129.49
151.101.2.132
0b6c190851b71f99a5dbb64e691b6227c1454dfcb8dbd5e784c857dd048495d3
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
35c97da4679ef63e39768b18b8a9c7c9439db5bcdd8a73370e790fa64d906f86
6a79bc252cf68e3e99f923c67581a4bc0a3427d2d8b4ccddf099fc9a3ff7380a
6bc951017ad4a2f1051a57e38591da7bc094194bc6d4d318224b72215f43a101
a3c91f08ad27e68a0c2a226685127b9b615dd7619111cc1489e8f3eeef5e0fa2
bbd8f8b95605d12519781df739907d5607bd6fd66b231ea3c36f5036a2895692
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cash.app Open in urlscan Pro 151.101.2.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

119 kBTransfer

196 kBSize

1 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

cash.app Open in urlscan Pro
151.101.2.132 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

119 kB
Transfer

196 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions