blackcat.app

.app crawl

First seen 2026-05-06 · Last seen 2026-05-13 · ok HTTP/1.1 200 941 ms crawled 2026-05-13

US · 172.67.70.61 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

Blackcat - Payment Services | Mobile and Online Financial App | Financial Services

Description

Discover Blackcat — fintech leader offering IBAN and cards, rewards and digital asset wallets. Enjoy crypto-friendly solutions, blockchain financial innovations & cryptocurrency financial tools.

Language

Canonical

https://blackcat.app/

Translations

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights
Google Tag Manager

Third-party hosts loaded (3)

s3.blackcatcard.com×51
static.cloudflareinsights.com×1
www.googletagmanager.com×1

Social

DNS records live

NS

jen.ns.cloudflare.com
skip.ns.cloudflare.com

MX

10 mx.finbusiness.tech

Verified for

Google

Email authentication strong

SPF: v=spf1 ip4:78.28.225.0/24 -all
strict (-all)
DMARC: v=DMARC1; p=quarantine; rua=mailto:admin@blackcat.app
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

WE1

from 2026-04-05 to 2026-07-04

Expires in 45 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 55/100 Checked live page: https://blackcat.app/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
weak frame protection
weak content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:;, default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:;

Links to (6)

Linked from (1)

blackcatcard.com×1