cash.app
Open in
urlscan Pro
151.101.2.132
Public Scan
Submission Tags: falconsandbox
Submission: On December 01 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q1 on March 17th 2022. Valid for: a year.
This is the only time cash.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 151.101.2.132 151.101.2.132 | 54113 (FASTLY) (FASTLY) | |
6 | 151.101.129.49 151.101.129.49 | 54113 (FASTLY) (FASTLY) | |
9 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
squarecdn.com
cash-f.squarecdn.com — Cisco Umbrella Rank: 17119 |
108 KB |
3 |
cash.app
cash.app — Cisco Umbrella Rank: 59645 |
11 KB |
9 | 2 |
Domain | Requested by | |
---|---|---|
6 | cash-f.squarecdn.com |
cash.app
|
3 | cash.app |
cash-f.squarecdn.com
cash.app |
9 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cash.app GlobalSign Atlas R3 DV TLS CA 2022 Q1 |
2022-03-17 - 2023-04-18 |
a year | crt.sh |
*.squarecdn.com Entrust Certification Authority - L1K |
2022-01-18 - 2023-02-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cash.app/$RITEPlanInitiative
Frame ID: A3F472F0C907F02D58602C06B7F6FEE3
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
$RITEPlanInitiative
cash.app/ |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-medium.woff2
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/ |
35 KB 35 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-regular.woff2
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/fonts/cashmarket/ |
33 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cashtag.js
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/ |
112 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
eventstream2
cash.app/event/ |
0 64 B |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-cash-app-reverse.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/region/us/ |
823 B 683 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
$RITEPlanInitiative
cash.app/qr/ |
11 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
apple-logo.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/ |
902 B 768 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
play-store.svg
cash-f.squarecdn.com/preact/521dc2bfcb213599995f4c88ee07a961be27c672/assets/images/icons/ |
470 B 752 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange object| cdn string| countryGuess string| regionGuess object| bootstrap object| scCGSHMRCache function| toHmacSHA256 function| toSHA256 function| toBase641 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cash.app/ | Name: __nsid Value: eb4af205-ff52-4f08-b5f6-dc3262a09b6c |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.squareup.com https://notify.bugsnag.com https://api.squareup.com https://api.squareupstaging.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://api.cashstaging.app https://api.cash.app; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com https://fonts.gstatic.com; frame-src 'self' *.google.com https://www.google.ca https://square.com squarecash: *.google.com; script-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com squarecash: https://*.googleapis.com https: 'unsafe-eval'; connect-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://broadway.squareup.com https://squareup.com https://*.bugsnag.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; base-uri 'none'; report-uri /event/csp-report |
Strict-Transport-Security | max-age=631152000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cash-f.squarecdn.com
cash.app
151.101.129.49
151.101.2.132
0b6c190851b71f99a5dbb64e691b6227c1454dfcb8dbd5e784c857dd048495d3
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
35c97da4679ef63e39768b18b8a9c7c9439db5bcdd8a73370e790fa64d906f86
6a79bc252cf68e3e99f923c67581a4bc0a3427d2d8b4ccddf099fc9a3ff7380a
6bc951017ad4a2f1051a57e38591da7bc094194bc6d4d318224b72215f43a101
a3c91f08ad27e68a0c2a226685127b9b615dd7619111cc1489e8f3eeef5e0fa2
bbd8f8b95605d12519781df739907d5607bd6fd66b231ea3c36f5036a2895692
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855