English

OptanonAlertBoxClosed

_dd_s

__cuid

OptanonConsent

AMP_bd1e5688aa

_ynab_api_session

The domain 'app.ynab.com' uses the commercial generic top-level domain (.com) and includes subdomain 'app'. Its registrable label 'ynab' stretches across 4 characters split between one vowel and three consonants. Tokenizing the label suggests 2 words: yna, b. Median word length is 2 characters. No strong language cues emerged from the frequency lists.

request_data[email]

request_data[password]

request_data[remember_me]

request_data[otp]

login

button

html/10/b6/10b69335-6ee1-483f-b8a4-10979a495c59.html.gz

upgrade-insecure-requests; base-uri 'self'; default-src 'self'; child-src 'self' app.ynabassets.com app-maintenance.ynabassets.com help.ynab.com help.youneedabudget.com support.ynab.com support.youneedabudget.com wellness.ynab.com wellness.youneedabudget.com *.kustomer.help https://accounts.google.com/gsi/ content.googleapis.com api.recurly.com js.stripe.com hooks.stripe.com cdn.plaid.com widgets.moneydesktop.com www.youtube-nocookie.com www.youtube.com ynab://* solve-widget.forethought.ai https://www.ynab.com/eg-gtm; connect-src 'self' *.api.kustomerapp.com cdn.kustomerapp.com https://accounts.google.com/gsi/ *.pndsn.com https://analytics.ynab.com api.amplitude.com api2.amplitude.com sr-client-cfg.amplitude.com https://experiments.ynab.com api.recurly.com api.stripe.com api.rollbar.com browser-intake-datadoghq.com api.ynab.com cdn.jsdelivr.net/npm/ cookie-cdn.cookiepro.com geolocation.onetrust.com help.ynab.com help.youneedabudget.com kustomer-prod2-attachments.s3.amazonaws.com m.castle.io privacyportal.cookiepro.com s3.amazonaws.com/kustomer-prod1-attachments sdk.iad-03.braze.com support.ynab.com support.youneedabudget.com wellness.ynab.com wellness.youneedabudget.com ynab-production-evergreen.s3.amazonaws.com customer-loyddpjksb0o2y3b.cloudflarestream.com app.ynabassets.com https://user-images.ynabassets.com/ ; font-src 'self' data: cdn.kustomerapp.com fonts.gstatic.com cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/; frame-ancestors 'self'; img-src 'self' blob: data: *.getcloudapp.com *.giphy.com *.gravatar.com appboy-images.com cdn.kustomerapp.com cdn.kustomerhostedcontent.com cookie-cdn.cookiepro.com kustomer-prod1-attachments.s3.amazonaws.com kustomer-prod2-attachments.s3.amazonaws.com ynab-production-evergreen.s3.amazonaws.com braze-images.com https://user-images.ynabassets.com/; manifest-src 'self'; media-src 'self' blob: app.ynabassets.com customer-loyddpjksb0o2y3b.cloudflarestream.com; script-src 'self' https://accounts.google.com/gsi/client atrium.mx.com cdn.amplitude.com cdn.kustomerapp.com solve-widget.forethought.ai cdn.plaid.com cdn.rollbar.com cookie-cdn.cookiepro.com js.recurly.com js.stripe.com apis.google.com 'wasm-unsafe-eval' https://www.ynabassets.com/assets/ynab-hawker-v3.js 'nonce-m5fx5X0H3H3tRTeP5kEmbA=='; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style fonts.googleapis.com js.recurly.com cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/; worker-src 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub38e4fa6a7aacc9486a49bc8aa991fd48&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Aynab-api%2Cversion%3A26.4

upgrade-insecure-requests; base-uri 'self'; default-src 'self'; child-src 'self' app.ynabassets.com app-maintenance.ynabassets.com help.ynab.com help.youneedabudget.com support.ynab.com support.youneedabudget.com wellness.ynab.com wellness.youneedabudget.com *.kustomer.help https://accounts.google.com/gsi/ content.googleapis.com api.recurly.com js.stripe.com hooks.stripe.com cdn.plaid.com widgets.moneydesktop.com www.youtube-nocookie.com www.youtube.com ynab://* solve-widget.forethought.ai https://www.ynab.com/eg-gtm; connect-src 'self' *.api.kustomerapp.com cdn.kustomerapp.com https://accounts.google.com/gsi/ *.pndsn.com https://analytics.ynab.com api.amplitude.com api2.amplitude.com sr-client-cfg.amplitude.com https://experiments.ynab.com api.recurly.com api.stripe.com api.rollbar.com browser-intake-datadoghq.com api.ynab.com cdn.jsdelivr.net/npm/ cookie-cdn.cookiepro.com geolocation.onetrust.com help.ynab.com help.youneedabudget.com kustomer-prod2-attachments.s3.amazonaws.com m.castle.io privacyportal.cookiepro.com s3.amazonaws.com/kustomer-prod1-attachments sdk.iad-03.braze.com support.ynab.com support.youneedabudget.com wellness.ynab.com wellness.youneedabudget.com ynab-production-evergreen.s3.amazonaws.com customer-loyddpjksb0o2y3b.cloudflarestream.com app.ynabassets.com https://user-images.ynabassets.com/ ; font-src 'self' data: cdn.kustomerapp.com fonts.gstatic.com cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/; frame-ancestors 'self'; img-src 'self' blob: data: *.getcloudapp.com *.giphy.com *.gravatar.com appboy-images.com cdn.kustomerapp.com cdn.kustomerhostedcontent.com cookie-cdn.cookiepro.com kustomer-prod1-attachments.s3.amazonaws.com kustomer-prod2-attachments.s3.amazonaws.com ynab-production-evergreen.s3.amazonaws.com braze-images.com https://user-images.ynabassets.com/; manifest-src 'self'; media-src 'self' blob: app.ynabassets.com customer-loyddpjksb0o2y3b.cloudflarestream.com; script-src 'self' https://accounts.google.com/gsi/client atrium.mx.com cdn.amplitude.com cdn.kustomerapp.com solve-widget.forethought.ai cdn.plaid.com cdn.rollbar.com cookie-cdn.cookiepro.com js.recurly.com js.stripe.com apis.google.com 'wasm-unsafe-eval' https://www.ynabassets.com/assets/ynab-hawker-v3.js 'nonce-DtyvhJ9jGoWpzYb/6ZuA/w=='; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style fonts.googleapis.com js.recurly.com cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/; worker-src 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub38e4fa6a7aacc9486a49bc8aa991fd48&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Aynab-api%2Cversion%3A26.4

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

f0a611ac734122af36e92334ed64f0b4fd0c170c2e07534fe5b7336c36729423

776eb7d3b5c2c4eadcb1da9c12cb80357218e68ea67fd3581664eb9f4c924aa0

8d4bb23b25c7ee5de70c0566ad4d613bad783058b6e3fb3b382860fdb18f3cf2

6c8befec471a486e165e83a1fbbb87725132440f1c77770e165aca08448c451e

c00d08234a64b47d4f8d5896c82dcd69461b32e28546894660038cf1ea104ee2

9ebb5af52ad2da7f4bd80abbb31ad2a01f222e363d8cf33246a3f678f31864a8

e1d95cfeeea56ae381712c19cf32fa151e6bebe5c06dfb413c3a746e81f2fca7

41764f6cf1cfa99fad12f1ee265ea0bb292761f6b15d1f5432756524854cd77f

8b4f2d70d179001b31450f83e6f153b91c20aa75cc36e7a5152cfa88a32eaa57

71e623563009d31d726ddf64abd5ce67be0071d2cbe8c828e827e7316c217324

7a57e870892224221cdf8da50926a97ae2012de6a76b63e83b519fb022970dd0

68f5f3dce9ee660d6a9f9e68e1cbbb7ada91ae379402d3f89f67d0054d1ad910

c406d0913918a51c018551b3b9ae22f5b2cfc7d14e1ae010956ada1c66ea82cd

bb26ad2d4bec8c00b640eb7be51d513c746bb2d16b8a973e1a7062c653ec2aa2

9e6cb48a8236e7d0cdebe653f85dfa64d942185308fc13d9137b92e263e78a2c

60228de78ccc35469deb0c20a460f3fa88fcb18965c06b36d71b2e57dd09ac9d

762da7972cfa99dee4b7eefdb732130dc3f0a5d90a064e5ea0deb3457bb32789

5ba13d4001fb56b073987b16d7dab3b240fe099dfaabefcf5ade73b2c2b20cf7

69d65ec22a3d484d852e795b79517d6757749efdec5c6842b4968a3333afd2c9

a0a2c2a13a96a2900b3a0dcbf85c14079b8dfb454b4bb3eb23f4505ae6f603ad

4edb131ec0a7afdb8a92d1e2528ffb10ed1b94fc22d7208fcd5c418e7ed124a1

d63a4f05c4e452708957c5e612adc521e90f821a0ebac561e7f4cd2319e047e4

color-scheme

Personal home budget software built with Four Simple Rules to help you quickly gain control of your money, get out of debt, and reach your financial goals!

description

viewport

robots

msapplication-config

csrf-param

ZKZbIVw2ndv0f0HgjqyI7KHOKt9Pgt98oiTcVx5lurrbWGH7XPAxQ9KsqAqdLT5OFxMKur9e7OCRwRU6HCu8JQ

csrf-token

csp-nonce

session-token

kustomer-chat-widget-device-id

require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-y5dwAwPw0vIH3WfLtoHTeQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http

script-src 'report-sample' 'nonce-eHjlWqYGVIk7BrECvcw4Mw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http

Requests	IP Address	Location	AS Autonomous System
11	142.250.110.84	United States	AS15169GOOGLE
7	13.33.187.48	United States	AS14618
7	142.250.185.99	United States	AS15169GOOGLE
7	104.18.36.90	United States	AS13335CLOUDFLARENET
7	3.233.158.25	Ashburn, Virginia, United States	AS14618AMAZON-AES
7	104.26.13.9	United States	AS13335CLOUDFLARENET
7	142.251.208.10	United States	AS15169GOOGLE
53	7	-	-

Security Scan Report: app.ynab.com

Summary

AI Security Verdict

Safe Website

Risk Factors

Safety Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies10

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History