www.blinkpay.bg Open in urlscan Pro
193.41.190.120 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://blinkpay.bg/
Effective URL:
https://www.blinkpay.bg/
Submission: On April 19 via api (April 19th 2024, 10:35:07 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 193.41.190.120, located in Bulgaria and belongs to BORICA-AD, BG. The main domain is www.blinkpay.bg.
TLS certificate: Issued by Thawte RSA CA 2018 on January 5th 2024. Valid for: a year.

This is the only time www.blinkpay.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	193.41.190.120 193.41.190.120	16193 (BORICA-AD) (BORICA-AD)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2 3	2606:4700::68... 2606:4700::6811:f7cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
14	4

11 193.41.190.120 (Bulgaria) 1 redirects

ASN16193 (BORICA-AD, BG)
PTR: net190-host120.borica.bg

blinkpay.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.blinkpay.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:f7cb (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	blinkpay.bg 1 redirects blinkpay.bg www.blinkpay.bg	482 KB
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 744	20 KB
2	gstatic.com fonts.gstatic.com	54 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
14	4

	Domain	Requested by
10	www.blinkpay.bg	www.blinkpay.bg
3	unpkg.com	2 redirects www.blinkpay.bg
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.blinkpay.bg
1	blinkpay.bg	1 redirects
14	5

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.facebook.com
www.bcard.bg
www.youtube.com
www.borica.bg

Subject Issuer	Validity	Valid
www.blinkpay.bg Thawte RSA CA 2018	`2024-01-05` - `2025-01-23`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.blinkpay.bg/
Frame ID: BC739E8465FE49D373A796D9169BAB41
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blink - незабавни преводи

Page URL History Show full URLs

http://blinkpay.bg/ HTTP 307
https://blinkpay.bg/ HTTP 301
https://www.blinkpay.bg/ Page URL

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 75%
Detected patterns

<[^>]+[^\w-]x-data[^\w-][^<]+

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

14
Requests

93 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

556 kB
Transfer

580 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/blinkbyborica/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/blinkbyborica/

Search URL Search Domain Scan URL

URL: https://www.bcard.bg/about/partners/dostavchitsi-na-platejni-uslugi-sertifitsirani-po-programa-blink
Title: виж нашите партньори

Search URL Search Domain Scan URL

URL: https://www.youtube.com/shorts/hDI5484KxFw

Search URL Search Domain Scan URL

URL: https://www.bcard.bg/
Title: bcard.bg

Search URL Search Domain Scan URL

URL: https://www.borica.bg/
Title: Всички права запазени. БОРИКА АД 2024

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://blinkpay.bg/ HTTP 307
https://blinkpay.bg/ HTTP 301
https://www.blinkpay.bg/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://unpkg.com/alpinejs HTTP 302
https://unpkg.com/alpinejs@3.13.8 HTTP 302
https://unpkg.com/alpinejs@3.13.8/dist/cdn.min.js

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.blinkpay.bg/
Redirect Chain

http://blinkpay.bg/
https://blinkpay.bg/
https://www.blinkpay.bg/

56 KB
56 KB

225ms
49ms

Document
text/html

193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blinkpay.bg/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

52a7c457ad469c5dd5b15d085d9322b30a83366a517232b99b90e02c3117a227

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Length: 57161
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Content-Type: text/html
Date: Fri, 19 Apr 2024 22:35:01 GMT
ETag: "df49-6152ceb23cc00"
Keep-Alive: timeout=15, max=100
Last-Modified: Wed, 03 Apr 2024 08:22:08 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 19 Apr 2024 22:35:01 GMT
Keep-Alive: timeout=15, max=100
Location: https://www.blinkpay.bg/
Server: Apache

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 43ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;600;700;900&display=swap

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5a21d590985e8d9143aca22af080007a4898a933cc51ac0f0cd1adc363b9edad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 Apr 2024 22:35:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 Apr 2024 22:16:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 Apr 2024 22:35:01 GMT

GET
H2

200

cdn.min.js Show response
unpkg.com/alpinejs@3.13.8/dist/
Redirect Chain

https://unpkg.com/alpinejs
https://unpkg.com/alpinejs@3.13.8
https://unpkg.com/alpinejs@3.13.8/dist/cdn.min.js

43 KB
19 KB

21ms
20ms

Script
application/javascript

2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/alpinejs@3.13.8/dist/cdn.min.js

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e556bb4305210bf27a42deb66aa28dba48be99488403079e0cac7a70fdaa53b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.blinkpay.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 19 Apr 2024 22:35:01 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1498403
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HTFJZKHAQE7W4D64C5E2Y25S-fra
server: cloudflare
etag: "ac4e-e+7zu4kTljpudZcs3gKHEUv46pU"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 87705d88de171c3c-FRA

Redirect headers

date: Fri, 19 Apr 2024 22:35:01 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HTFK7MGA9H98D8EJ54MQX0VS-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1498144
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /alpinejs@3.13.8/dist/cdn.min.js
cache-control: public, max-age=31536000
cf-ray: 87705d88adfc1c3c-FRA

GET
H/1.1 200
OK asset.42bf5582.css
www.blinkpay.bg/assets/ 40 KB
40 KB 113ms
41ms Stylesheet
text/css 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blinkpay.bg/assets/asset.42bf5582.css

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

9f56c1fbdbc2459395b6c5edc044ad2542ec097bf4c1f3ed00d2361593672491

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 40621
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Apr 2024 08:22:08 GMT
Server: Apache
ETag: "9ead-6152ceb23cc00"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99

GET
H/1.1 200
OK blink-wire-top.svg
www.blinkpay.bg/img/ 2 KB
2 KB 42ms
42ms Image
image/svg+xml 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/blink-wire-top.svg

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/assets/asset.42bf5582.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

a022503cb19784da5619b130e8942d843c0281eb55a8b04d75da0ef8678596a4

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/assets/asset.42bf5582.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 1680
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "690-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98

GET
H/1.1 200
OK blink-wire-bottom.svg
www.blinkpay.bg/img/ 2 KB
2 KB 51ms
51ms Image
image/svg+xml 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/blink-wire-bottom.svg

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/assets/asset.42bf5582.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

f06c36e7443973eb76d7a25a510a9956c6ea467a427874d102e5b3f5f7f68e6f

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/assets/asset.42bf5582.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 1612
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "64c-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100

GET
H/1.1 200
OK art-yellow.png
www.blinkpay.bg/img/ 277 B
962 B 83ms
41ms Image
image/png 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/art-yellow.png

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/assets/asset.42bf5582.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

457146909281722280218ef00ef97cbac0f8242e81fb5f573aa91fd0cb371350

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/assets/asset.42bf5582.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 277
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Apr 2024 06:55:36 GMT
Server: Apache
ETag: "115-6152bb5ac2a00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=97

GET
H/1.1 200
OK bg.png
www.blinkpay.bg/img/ 8 KB
8 KB 93ms
42ms Image
image/png 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/bg.png

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/assets/asset.42bf5582.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

05ca106e43c1c40c84960ac362d86dcf7f664457993055cd1d91bbe6f6b0a073

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/assets/asset.42bf5582.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 7729
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "1e31-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
32 KB 41ms
12ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;600;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.blinkpay.bg
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Apr 2024 06:41:12 GMT
x-content-type-options: nosniff
age: 316430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Apr 2025 06:41:12 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
fonts.gstatic.com/s/montserrat/v26/ 21 KB
21 KB 36ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;600;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.blinkpay.bg
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Apr 2024 00:51:01 GMT
x-content-type-options: nosniff
age: 337441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21288
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:43:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Apr 2025 00:51:01 GMT

GET
H/1.1 200
OK hero-big.webp
www.blinkpay.bg/img/ 234 KB
235 KB 96ms
51ms Image
image/webp 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/hero-big.webp

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

2bb9e383a7635443c0e4677e4dbe42722cae257f1422d06a7fa2bba524c8a42e

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 240034
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Apr 2024 06:55:36 GMT
Server: Apache
ETag: "3a9a2-6152bb5ac2a00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/webp
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100

GET
H/1.1 200
OK phone_app.png
www.blinkpay.bg/img/ 23 KB
24 KB 92ms
41ms Image
image/png 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/phone_app.png

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

f435b330c242080116227af8670f0be208682d8a2e5ec0315933a7c992163142

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:01 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 23955
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "5d93-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=96

GET
H/1.1 200
OK what_you_need.png
www.blinkpay.bg/img/ 96 KB
96 KB 105ms
58ms Image
image/png 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blinkpay.bg/img/what_you_need.png

Requested by

Host: www.blinkpay.bg
URL: https://www.blinkpay.bg/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

848f1ca592d0cab1874641491cb87e4b0980c5cd8202e8289788a66bd01c0296

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:02 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 97898
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "17e6a-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100

GET
H/1.1 200
OK favicon.ico
www.blinkpay.bg/favicon/ 15 KB
16 KB 44ms
44ms Other
image/x-icon 193.41.190.120
BORICA-AD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blinkpay.bg/favicon/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.41.190.120 , Bulgaria, ASN16193 (BORICA-AD, BG),

Reverse DNS

net190-host120.borica.bg

Software

Apache /

Resource Hash

1d8bf77c4bc520d74aa8577ff76509a4b5d482a9a15ff84349527e646c4f5e93

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.blinkpay.bg/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 19 Apr 2024 22:35:02 GMT
Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: Keep-Alive
Content-Length: 15406
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 25 Mar 2024 11:16:28 GMT
Server: Apache
ETag: "3c2e-6147a4e085b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Alpine

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src data: https:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blinkpay.bg
fonts.googleapis.com
fonts.gstatic.com
unpkg.com
www.blinkpay.bg
193.41.190.120
2606:4700::6811:f7cb
2a00:1450:4001:808::2003
2a00:1450:4001:831::200a
05ca106e43c1c40c84960ac362d86dcf7f664457993055cd1d91bbe6f6b0a073
1d8bf77c4bc520d74aa8577ff76509a4b5d482a9a15ff84349527e646c4f5e93
2bb9e383a7635443c0e4677e4dbe42722cae257f1422d06a7fa2bba524c8a42e
457146909281722280218ef00ef97cbac0f8242e81fb5f573aa91fd0cb371350
52a7c457ad469c5dd5b15d085d9322b30a83366a517232b99b90e02c3117a227
5a21d590985e8d9143aca22af080007a4898a933cc51ac0f0cd1adc363b9edad
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758
848f1ca592d0cab1874641491cb87e4b0980c5cd8202e8289788a66bd01c0296
9f56c1fbdbc2459395b6c5edc044ad2542ec097bf4c1f3ed00d2361593672491
a022503cb19784da5619b130e8942d843c0281eb55a8b04d75da0ef8678596a4
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
e556bb4305210bf27a42deb66aa28dba48be99488403079e0cac7a70fdaa53b3
f06c36e7443973eb76d7a25a510a9956c6ea467a427874d102e5b3f5f7f68e6f
f435b330c242080116227af8670f0be208682d8a2e5ec0315933a7c992163142

www.blinkpay.bg Open in urlscan Pro 193.41.190.120 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

75 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

556 kBTransfer

580 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.blinkpay.bg Open in urlscan Pro
193.41.190.120 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

556 kB
Transfer

580 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions