bad.cards Open in urlscan Pro
2606:4700:20::681a:f02 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bad.cards/
Effective URL:
https://bad.cards/
Submission: On May 25 via manual (May 25th 2023, 2:07:17 am UTC) from US — Scanned from DE

Summary HTTP 86 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 32 IPs in 3 countries across 17 domains to perform 86 HTTP transactions. The main IP is 2606:4700:20::681a:f02, located in United States and belongs to CLOUDFLARENET, US. The main domain is bad.cards.
TLS certificate: Issued by E1 on May 2nd 2023. Valid for: 3 months.

This is the only time bad.cards was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:e02	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2606:4700:20:... 2606:4700:20::681a:f02	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:480... 2a02:26f0:480:f::213:7ec4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
3	143.204.215.106 143.204.215.106	16509 (AMAZON-02) (AMAZON-02)
3	99.86.4.76 99.86.4.76	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:225b:ea00:18:28e9:8880:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2606:4700:440... 2606:4700:4400::ac40:9ad3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:211... 2600:9000:211e:c000:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	2600:9000:225... 2600:9000:225e:5000:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1	52.57.252.54 52.57.252.54	16509 (AMAZON-02) (AMAZON-02)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
3	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
2	99.86.4.50 99.86.4.50	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1	52.40.204.112 52.40.204.112	16509 (AMAZON-02) (AMAZON-02)
86	32

1 2606:4700:20::681a:e02 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bad.cards	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700:20::681a:f02 (United States)

ASN13335 (CLOUDFLARENET, US)

bad.cards	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:480:f::213:7ec4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.fuseplatform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.215.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-106.fra53.r.cloudfront.net

cdn.refersion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pub-a5fa57787d10daadcf9f.tracking.refersion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-76.fra6.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225b:ea00:18:28e9:8880:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.bad.cards	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:9ad3 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.refersion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:211e:c000:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:5000:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.252.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-252-54.eu-central-1.compute.amazonaws.com

audit-tcfv2.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-50.fra6.r.cloudfront.net

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.40.204.112 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-40-204-112.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	bad.cards 1 redirects bad.cards static.bad.cards	1 MB
11	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 93 tpc.googlesyndication.com — Cisco Umbrella Rank: 132	204 KB
8	quantcast.com cmp.quantcast.com — Cisco Umbrella Rank: 2644 test.cmp.quantcast.com — Cisco Umbrella Rank: 10244 audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 12008	203 KB
7	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 stats.g.doubleclick.net — Cisco Umbrella Rank: 76 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 ad.doubleclick.net — Cisco Umbrella Rank: 165	156 KB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 968 q.stripe.com — Cisco Umbrella Rank: 5765 m.stripe.com — Cisco Umbrella Rank: 935	118 KB
7	refersion.com cdn.refersion.com — Cisco Umbrella Rank: 24229 tracking.refersion.com — Cisco Umbrella Rank: 30922 pub-a5fa57787d10daadcf9f.tracking.refersion.com	37 KB
3	btloader.com btloader.com — Cisco Umbrella Rank: 814 api.btloader.com — Cisco Umbrella Rank: 906	15 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3686 adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	210 KB
3	fuseplatform.net cdn.fuseplatform.net — Cisco Umbrella Rank: 16564	116 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1053	16 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 886	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6080 adservice.google.de — Cisco Umbrella Rank: 9037	939 B
2	gstatic.com www.gstatic.com fonts.gstatic.com	237 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 344	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 902	601 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	839 B
86	17

	Domain	Requested by
23	bad.cards	1 redirects bad.cards
8	pagead2.googlesyndication.com	bad.cards pagead2.googlesyndication.com tpc.googlesyndication.com
6	cmp.quantcast.com	cdn.fuseplatform.net cmp.quantcast.com
4	tracking.refersion.com	cdn.refersion.com
3	q.stripe.com	bad.cards
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
3	securepubads.g.doubleclick.net	cdn.fuseplatform.net securepubads.g.doubleclick.net
3	js.stripe.com	bad.cards js.stripe.com
3	www.googletagmanager.com	bad.cards www.googletagmanager.com
3	cdn.fuseplatform.net	bad.cards cdn.fuseplatform.net
2	m.stripe.network	js.stripe.com m.stripe.network
2	api.btloader.com	btloader.com
2	ad-delivery.net	bad.cards
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	cdn.refersion.com	bad.cards pub-a5fa57787d10daadcf9f.tracking.refersion.com
1	m.stripe.com	m.stripe.network
1	www.google.com	tpc.googlesyndication.com
1	pub-a5fa57787d10daadcf9f.tracking.refersion.com	cdn.refersion.com
1	audit-tcfv2.cmp.quantcast.com	cmp.quantcast.com
1	ad.doubleclick.net	bad.cards
1	btloader.com	cdn.fuseplatform.net
1	test.cmp.quantcast.com	cmp.quantcast.com
1	cdn.jsdelivr.net	cdn.fuseplatform.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	static.bad.cards	bad.cards
1	www.google.de	bad.cards
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.gstatic.com	bad.cards
1	fonts.googleapis.com	bad.cards
86	33

This site contains links to these domains. Also see Links.

Domain
twitter.com
instagram.com
reddit.com
patreon.com

Subject Issuer	Validity	Valid
bad.cards E1	`2023-05-02` - `2023-07-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
cdn.fuseplatform.net R3	`2023-04-11` - `2023-07-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.refersion.com Amazon RSA 2048 M01	`2023-03-13` - `2024-04-09`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-05-12` - `2023-08-13`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
static.bad.cards Amazon RSA 2048 M01	`2023-02-21` - `2023-10-30`	8 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-17` - `2024-05-16`	a year	crt.sh
cmp.quantcast.com R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-04-14` - `2023-07-13`	3 months	crt.sh
*.tracking.refersion.com Amazon RSA 2048 M02	`2023-02-28` - `2023-10-10`	7 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-14` - `2023-06-13`	4 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-28` - `2023-07-26`	4 months	crt.sh

This page contains 8 frames:

Primary Page: https://bad.cards/
Frame ID: EF85A7A9BF9798758BE48D6C5F4CCC44
Requests: 67 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230522/r20190131/zrt_lookup.html
Frame ID: 00B435B30AA520473C83C96F2BEA9E67
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3525646721011012&output=html&adk=1812271804&adf=3025194257&lmt=1684980430&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbad.cards%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684980429508&bpp=11&bdt=742&idt=458&shv=r20230522&mjsv=m202305170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=180123989427&frm=20&pv=2&ga_vid=2065172272.1684980430&ga_sid=1684980430&ga_hid=1606711966&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759876%2C44759927%2C31074735%2C44788441%2C44789923&oid=2&pvsid=3658743130442044&tmod=223617719&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=508
Frame ID: FBFEEE74DAC9E3B6E33406167C1FCE22
Requests: 1 HTTP requests in this frame

Frame: https://pub-a5fa57787d10daadcf9f.tracking.refersion.com/r.html
Frame ID: 0F3F53F63E2B94E721A2FEA662AF7B30
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: 9CAA2C90C49CED225D383D43850438D5
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 46D81AF00A23A5A44052243C5C1EA774
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3FEAAE3AC8A0591C2E4EF2B78B6DE0C2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 54F94F2BC75C3D9278456F57047F3FE3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bad Cards | good games for your bad side.

Page URL History Show full URLs

http://bad.cards/ HTTP 301
https://bad.cards/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

86
Requests

100 %
HTTPS

76 %
IPv6

17
Domains

33
Subdomains

32
IPs

3
Countries

2773 kB
Transfer

7033 kB
Size

10
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://twitter.com/playbadcards/

Search URL Search Domain Scan URL

URL: https://instagram.com/playbadcards?igshid=YmMyMTA2M2Y=

Search URL Search Domain Scan URL

URL: https://reddit.com/r/allbadcards

Search URL Search Domain Scan URL

URL: http://patreon.com/allbadcards/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bad.cards/ HTTP 301
https://bad.cards/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

86 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bad.cards/
Redirect Chain

http://bad.cards/
https://bad.cards/

7 KB
3 KB

436ms
355ms

Document
text/html

2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 01ab2327de9853adabf2a07a2aac4ae735a33ab96bcbef3f624da170b011087c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7cca391d89953655-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 25 May 2023 02:07:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUbF2xTV5KQmXEScXRn7cbJpTmLQHIlAcWp9P9QE9O5GXhlgPl1dXcHENTwj4q4Ct8lnY3QwKu0T%2FcLX6h5c06DvSUtH9HhvdvJMgN7c3oP0K%2BJHL90csLB8sJJXFLfhmyqd8Ny%2BvA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding
x-powered-by: Express

Redirect headers

CF-RAY: 7cca391cddc368fb-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 25 May 2023 02:07:08 GMT
Expires: Thu, 25 May 2023 03:07:08 GMT
Location: https://bad.cards/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPI7NFdJ0PsBO1AXXxxjVYvxmGIpv55Vi74aYgWwZPiFjV9cTlMNGcLHDqGY2FjSp7S5M0An%2BfFePpjwRAxjjHAATrqL5%2B5j3YQiw6RxnRVOPTInIKpCtwE%2F9H6xltOr3GFPsUrZIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 logo-small.png
bad.cards/ 77 KB
78 KB 65ms
32ms Image
image/png 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/logo-small.png?2
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cdff1df570321b1b3b4312ed1f7ce8245b9071642ecb523d0682f962e196784b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 49376
cf-polished: origSize=81343, status=vary_header_present
x-powered-by: Express
content-length: 79156
cf-bgj: imgq:85,h2pri
last-modified: Fri, 05 May 2023 20:16:24 GMT
server: cloudflare
etag: W/"13dbf-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NH6zElc8DvRyQggKZt7abMZ9LG0oaKy0bCc8vTSwwLTQDh1M2ZTsFFkgsnI1HT2IqjrVtAt%2Fw1zjeCtTunaTobA0oTrSOWkwmm39UUGE5BPfOLMBhbKcf1KpKwiLCJR2rL8%2BLxB8yA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7cca39202b9b3655-FRA

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
839 B 142ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Spline+Sans:wght@300;400;700&display=swap

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

95fa7ac51b31d3796723d8175249f59d3fe2410d397fc5a5bd892421ccf2f9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 25 May 2023 02:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 25 May 2023 02:07:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 25 May 2023 02:07:08 GMT

GET
H2 200 GinJus-Regular.woff2
bad.cards/fonts/ 15 KB
15 KB 552ms
519ms Font
font/woff2 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/fonts/GinJus-Regular.woff2
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f981d45f43f1c90fd39472e1ed4648205e69ffecbab12cc93eb057ca87276dce

Request headers

Referer: https://bad.cards/
Origin: https://bad.cards
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
cf-cache-status: EXPIRED
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3a34-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqO%2BNxVvXldVVOMk9zOHrZrjih3RHdcB%2B2r8yH6XSS%2B6GBXQ8TRXChA%2F4eayAgUZY9L9IvSBSSlBEWZEQSrKlYXp81vp1PbqNCXgoCuZTyIlNw4Qt%2FF1OQG4SnXuMYDcOtiCyxheoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: https://bad.cards
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7cca39201b973655-FRA
content-length: 14900

GET
H2 200 Stacion-Regular.woff2
bad.cards/fonts/ 17 KB
18 KB 536ms
513ms Font
font/woff2 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/fonts/Stacion-Regular.woff2
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6433bb29063bf8ef44e9e8ca2037b3098cb815a7edc999d89508b5fd33f7aff9

Request headers

Referer: https://bad.cards/
Origin: https://bad.cards
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
cf-cache-status: EXPIRED
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"45c0-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5emu2WYIY5P5Jg%2FtSsLtkfGWQvMX8sH%2BPV5EoXqgLBC4sInMGrWSLjNpyj%2FHdMvDe%2Fol6y1oHJNCN8lagInIrzhWVo4y4scwLywWJ1Nd4xhbMmP1kkoWXJV8nTWe0qaL5ToFXnrmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: https://bad.cards
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7cca39202b983655-FRA
content-length: 17856

GET
H2 200 fuse.js Show response
cdn.fuseplatform.net/publift/tags/2/2990/ 210 KB
54 KB 889ms
775ms Script
application/x-javascript 2a02:26f0:480:f::213:7ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5df3be089e223cf8c4656f65ff3fe6d0a66c4e5a04f4dff8f9e3ec6cb79d4705

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: gzip
last-modified: Wed, 10 May 2023 06:48:44 GMT
server: AkamaiNetStorage
etag: "8e56a155a5e547d6369bdce963694be5:1683701324.759965"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 55338
expires: Thu, 25 May 2023 02:37:09 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
47 KB 79ms
38ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2450511bf31bc5ca90dd61a874e3e3ba3aa014684cc3adce74acd1442bdcd293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47300
x-xss-protection: 0
server: cafe
etag: 274857770754991835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 25 May 2023 02:07:09 GMT

GET
H2 200 cast_receiver_framework.js Show response
www.gstatic.com/cast/sdk/libs/caf_receiver/v3/ 643 KB
180 KB 158ms
74ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca4d20d5e7f10dbd17be081654ffb7af4f2e7bbeb5cdea6324d19236690d14e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 184061
x-xss-protection: 0
last-modified: Tue, 01 Nov 2022 21:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="chrome-dongle"
vary: Accept-Encoding
report-to: {"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type: text/javascript
cache-control: private, max-age=0
accept-ranges: bytes
expires: Thu, 25 May 2023 02:07:08 GMT

GET
H2 200 main.46bd4fae.chunk.css
bad.cards/static/css/ 2 KB
1 KB 45ms
22ms Stylesheet
text/css 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/static/css/main.46bd4fae.chunk.css
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f02d21a2f2f0e91ee9eae1dc386cf82e4609a27c867acbbd5ff9d061d05f55b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20820
cf-polished: origSize=2366
x-powered-by: Express
cf-bgj: minify
last-modified: Fri, 05 May 2023 20:16:24 GMT
server: cloudflare
etag: W/"93e-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFkQ5XcAuiW1tFBaI9s%2F%2BNZaoRB045zxtl9QJpmF%2BlKsHnsVSZFuJoKfFhLm2kFwIBOEKAn4iiNVY3H18xVofJ%2BoWTbAer12FsOZfCVu3G1z%2FaQGzHp6YcoKPbHsvvoxyPppIPIGvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 7cca39201b963655-FRA

GET
H2 200 7.d3529c36.chunk.js Show response
bad.cards/static/js/ 1 MB
364 KB 63ms
50ms Script
application/javascript 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/static/js/7.d3529c36.chunk.js?bv=1683342932144
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 3cf88b31f0b9f5b69f46282b449b0182729613b97b18f87d110b1886b6e354e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20820
cf-polished: origSize=1325809
x-powered-by: Express
cf-bgj: minify
last-modified: Fri, 05 May 2023 20:16:24 GMT
server: cloudflare
etag: W/"143af1-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UIkPVttOtvWSods1qpOv8RdPVt6dmVCpO4OatkEyI3BjWZk1od2N3hydAx%2F7zb5KTpYUhnWX%2BKWpz60f%2FzRsiHjzvNQldvcX7GTLDAJ9R9W3Nsv1EHHOQjXBl9WfZfn8NizqSOlfTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 7cca39202b993655-FRA

GET
H2 200 main.d3529c36.chunk.js Show response
bad.cards/static/js/ 161 KB
41 KB 57ms
44ms Script
application/javascript 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 569372e1e0097ae982108a5ce953a33214448a0f5a32ccf5bda05e9918d7d103

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15181
cf-polished: origSize=165229
x-powered-by: Express
cf-bgj: minify
last-modified: Fri, 05 May 2023 20:16:24 GMT
server: cloudflare
etag: W/"2856d-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDgc78nM64XIE8mPZai2745R29mny4fPVNuuXb8nfcqiERbcIjs6Zmu4rGSw5TCWN415PG%2Fjb8QOLCyHVgK6ISqrFYnFlwGV%2FFyENqLBw5RgXi2nVT7K6I58rAnS9JJUqaB8Uu9OGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 7cca39202b9a3655-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 102 KB
40 KB 67ms
26ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M5VR86X

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

adef5b3fe9e214dda41a5a8825f02b0e0f46be35720fb5fc849fbe224142e59f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40678
x-xss-protection: 0
last-modified: Thu, 25 May 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 25 May 2023 02:07:09 GMT

GET
H/1.1 200
OK refersion.js Show response
cdn.refersion.com/ 31 KB
32 KB 125ms
9ms Script
application/x-javascript 143.204.215.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.refersion.com/refersion.js
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-106.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9ca1f96ff7ba29afd8520b80dbff93a386d205d07c6be3025fd17c1208108b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Wed, 24 May 2023 07:57:37 GMT
x-amz-version-id: .z6Ij8RKlWu7_TjQFcP9teRjS.tAjstL
Via: 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Age: 65373
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:441910979855:build/Refersion-Tracking-Build:73628c93-f755-4b3d-8d5c-a1ebdbebadc0
X-Cache: Hit from cloudfront
Connection: keep-alive
x-amz-meta-codebuild-content-md5: 91ec5cf5fda69cb6cd86040e2dd38391
Content-Length: 31724
Last-Modified: Wed, 22 Feb 2023 15:36:53 GMT
Server: AmazonS3
ETag: "cc3f66d9f13a349a59672074e6354f8a"
x-amz-meta-codebuild-content-sha256: 42d26243f1280db4b5fe4f14da9a93e79ee5c40ecaa56e39403c9417ef85fa11
Content-Type: application/x-javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: 9ELsmfz56myAvE_BgtoE8Fge0-vS4GMnuYVX6qV1N2Oo67XHmwVDHw==

GET
H2 200 get-auth-urls Show response
bad.cards/auth/ 1012 B
847 B 176ms
168ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/auth/get-auth-urls?state={{REPLACEME}}
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a37716b0319deda3a44563d20c5d45c3cf4e4abd5e560d5c07140c8da368f8f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3f4-M00MVOVqgVC7prt0cVrYDNMUOcQ"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnJ7atFfeKlE%2BztbwnmzHw8wdgsbU18%2FYpynnDRojKo8687KmEMJvBu1ltN%2BYojwKUXVPWfA%2F1zxS%2BYRVfHHnoxshbXp%2FC4bNjw7nybW7xJE4dV5eK%2Btjqsubqv45h3dPQng3ZuIWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 7cca39221cef3655-FRA

GET
H2 200 data Show response
bad.cards/api/user/ 118 B
410 B 344ms
335ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/api/user/data?authTypes=patreon
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ad2d80f11e6bfd6808f43ef7096e0586f4843ecb67337904253692666bf012ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"76-oNEC9THb70DBV2SB9I7B3O3uewQ"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnJ%2BRohpItM43i%2B05Ga18InZJr7mfA2BvvrSmgA16ezjoXxGr4oorVNKoIQz8JuX9wzTl4cCtO2aAhjjByh8M2TrS1ahORHGQPZnrKHw0D5TL1kUF4udu1p4wqKVl%2Fjx3V7w2Rje8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 7cca39221cf03655-FRA

HEAD
H3 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 60ms
26ms Fetch
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47300
x-xss-protection: 0
server: cafe
etag: 14312801424842293025
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 25 May 2023 02:07:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
85 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N3BGZ4J7BJ

Requested by

Host: bad.cards
URL: https://bad.cards/static/js/7.d3529c36.chunk.js?bv=1683342932144

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8752f25daa51cdfba52ac4630299871965531719aac14b67e317317ca6d6ee8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86718
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 25 May 2023 02:07:09 GMT

GET
H2 200 v3 Show response
js.stripe.com/ 473 KB
114 KB 224ms
13ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: bad.cards
URL: https://bad.cards/static/js/7.d3529c36.chunk.js?bv=1683342932144

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

6564c2dc29a6e72c15675e83a2f4f6d71cc92ea8f286edf6d2be504f40e2210f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Thu, 25 May 2023 02:06:32 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 38
x-cache: Hit from cloudfront
last-modified: Wed, 24 May 2023 20:32:12 GMT
server: Cloudfront
etag: W/"8ccb4bbdad23a8614e959712f1423a1a"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: 2imjIQvzBOKRPzgCGuCzIXIpdHiKbb5TkQV_I4ppgrFGI66BlplYhw==

GET
H2 200 logo.svg
bad.cards/ 42 KB
17 KB 32ms
21ms Image
image/svg+xml 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/logo.svg
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ad0164b4b831605b7e1908c2f7d0b818f2d7f7e55770471ca71c49a1e56e5376

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 15180
x-powered-by: Express
etag: W/"a86b-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGHQHurLJMNqjuV9GxJwM9ek5r5EJZgHBvTTNBEgS11ELOTso%2FMZHKKa%2BtDzxNYa6QdkZGQprhQ4%2FAt4vBpkbZP0UXQEs3fExNmelqjLkhCCjJnpQJg6TZE6QcOqQJ61vsx%2FFnXtjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 7cca3923ade23655-FRA

GET
H2 200 logo_arc.svg
bad.cards/ 100 KB
38 KB 34ms
23ms Image
image/svg+xml 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/logo_arc.svg
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f85fa979ce48121c43d0f46cd5d163e092ce7aaa1ecdbc7c50baea412c5d76a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 15180
x-powered-by: Express
etag: W/"18e6d-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bn03kF7K7sYyk8EOHm9hZ5shQLzlNMgZ7jUxzNMBb%2B05lfk7BG3DOIbzw9CM7%2FAku1iMND%2FQcLPYe0PBfQJlHa7NI%2BwZ%2B5SgA6NuvqrRX7IoRsjxnTHWWGCm7bUGh%2BAozH4JKJivFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 7cca3923ade43655-FRA

GET
H2 200 get-auth-urls Show response
bad.cards/auth/ 1012 B
841 B 336ms
325ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/auth/get-auth-urls?state={{REPLACEME}}
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a37716b0319deda3a44563d20c5d45c3cf4e4abd5e560d5c07140c8da368f8f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3f4-M00MVOVqgVC7prt0cVrYDNMUOcQ"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0DBhOQ2nLNSFWbLCk6C39QDhn0thZm7Z1PKHoL8h2uLHeuOwGpE0nVeC5gPzkSTxf1899UJU%2BHw1Yc7nUcEs31IdP%2B%2F%2FrUdNs9cLGntmNgx61J49VAH9P229ow34D820FSoTi%2Blrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 7cca3923addc3655-FRA

GET
H2 200 homepage-faq Show response
bad.cards/api/content/ 7 KB
3 KB 343ms
332ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/api/content/homepage-faq
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1e61bceafc4f99402741de39a43204c0ba0c700165e409b7bd5beed542c552d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1c37-HczI9lS4CMxDMg9bMneifan5Ek0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUaq6qXjO6%2BtRqA4uqiUzoH6j1Hz7J0woZzGPkUy%2FqTYbemYVXUTG4SU8YD%2BThgBBUeEFt9z4HDqsu%2F9yPAnCmPwPFxkfjw9QG9dp%2FyD3CppJ1cD0g7P8ghw%2BBHcZFqRjnpTP5CVMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cache-control: max-age=175
cf-ray: 7cca3923addd3655-FRA

GET
H2 200 homepage-faq Show response
bad.cards/api/content/ 7 KB
3 KB 351ms
340ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/api/content/homepage-faq
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1e61bceafc4f99402741de39a43204c0ba0c700165e409b7bd5beed542c552d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1c37-HczI9lS4CMxDMg9bMneifan5Ek0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lquFm%2FReHiVCK3oee%2Fy1szv5WuAGyFEEsUoLI9hb%2FnBvEbs4fKL%2ByN2FMZX%2BWQ1jplBjRp8AmttIjDGa15kQIyettI1P67gp06R8jBMaNwIgus8vjM47FL8CuVLW5a9EUNdJuUVF4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cache-control: max-age=175
cf-ray: 7cca3923adde3655-FRA

GET
H2 200 homepage-faq Show response
bad.cards/api/content/ 7 KB
3 KB 179ms
175ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/api/content/homepage-faq
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1e61bceafc4f99402741de39a43204c0ba0c700165e409b7bd5beed542c552d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1c37-HczI9lS4CMxDMg9bMneifan5Ek0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4LUedevQVhu31ZO2AJVVKBVoqGpa%2FYmaCZ2gBvm3HzZISUjhbSS2jCQ1R6KlVPximSy%2FgLD5bx1UNHY0O4sybE7nm%2BZDTSmB62l7VP4ZrCXoD%2F2tlhm7D3LomuM4hGWThOBuvdvxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cache-control: max-age=175
cf-ray: 7cca3923ade03655-FRA

GET
H2 200 register Show response
bad.cards/api/user/ 32 B
671 B 339ms
336ms Fetch
application/json 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/api/user/register
Requested by: Host: bad.cards
URL: https://bad.cards/static/js/main.d3529c36.chunk.js?bv=1683342932144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 71a52055d191a81c25e2f9721b96e9daaa1438ab4724614c0540d51d98efd52a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"20-bXn6pVElIIfvRxTkTx8nEkmk5eU"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZfOt8KDVIrTuNA4XXTgDhX4ACTrbhXhWfTdBxdSQZZTjzWGJqs1Y5S%2BxrUbALXtJQ7XB12mqGDAQ51DA5ljcOedUPUF0v7If0IUpPZRAtmZLUhTyJsCjKp%2FxDOlEvTsaYB7jThk18w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 7cca3923ade13655-FRA
content-length: 32

GET
H2 200 Stacion-Regular.45ccf7d7.woff2
bad.cards/static/media/ 17 KB
18 KB 18ms
17ms Font
font/woff2 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/static/media/Stacion-Regular.45ccf7d7.woff2
Requested by: Host: bad.cards
URL: https://bad.cards/static/css/main.46bd4fae.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6433bb29063bf8ef44e9e8ca2037b3098cb815a7edc999d89508b5fd33f7aff9

Request headers

Referer: https://bad.cards/static/css/main.46bd4fae.chunk.css
Origin: https://bad.cards
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19218
x-powered-by: Express
content-length: 17856
last-modified: Fri, 05 May 2023 20:16:24 GMT
server: cloudflare
etag: W/"45c0-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3cBJxV1ggiajV00fYVVrUm%2B8T1QhBL0CGvM4Lme52YtrFfDrzlEk4bi08BM0ijjhTYN%2BLjWyghyunZ51Xj1pRPRzQB5hgYxgZ8XP9hqxlTHxldfo0oBbELgBJZc%2FJ6uSFdMxc%2BoE8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: https://bad.cards
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7cca3923ee133655-FRA

GET
H2 200 _6_7ED73Uf-2WfU2LzycEbAimC0.woff2
fonts.gstatic.com/s/splinesans/v9/ 56 KB
57 KB 171ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/splinesans/v9/_6_7ED73Uf-2WfU2LzycEbAimC0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Spline+Sans:wght@300;400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e77f48d11c58959d5129845bf10ce5cc3fbcfb502b8c0fa690946011927d48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bad.cards
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 20 May 2023 09:41:05 GMT
x-content-type-options: nosniff
age: 404764
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57612
x-xss-protection: 0
last-modified: Tue, 02 May 2023 14:54:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 May 2024 09:41:05 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305170101/ 354 KB
120 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3525646721011012&plah=bad.cards

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9992c6eea425cc0825d6c5b5755176ca0fb9f281bcfe4e2cca1f8d6815da8c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122570
x-xss-protection: 0
server: cafe
etag: 7040324789255272837
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 25 May 2023 02:07:09 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230522/r20190131/ Frame 00B4 10 KB
5 KB 75ms
25ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230522/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 May 2023 19:18:32 GMT
etag: 15057649708203361565
expires: Wed, 07 Jun 2023 19:18:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
85 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N3BGZ4J7BJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5VR86X

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2bc30f79ef0c22dcaa23579383d0e33ea940b43f880af551efa77c616cbccf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86678
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 25 May 2023 02:07:09 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
240 B 80ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N3BGZ4J7BJ&gtm=45je35m0&_p=1606711966&_gaz=1&cid=2065172272.1684980430&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dp=%2F&sid=1684980429&sct=1&seg=0&dl=https%3A%2F%2Fbad.cards%2F&dt=Bad%20Cards%20%7C%20good%20games%20for%20your%20bad%20side.&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N3BGZ4J7BJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 May 2023 02:07:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bad.cards
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
240 B 88ms
22ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N3BGZ4J7BJ&cid=2065172272.1684980430&gtm=45je35m0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N3BGZ4J7BJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 May 2023 02:07:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bad.cards
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 83ms
18ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N3BGZ4J7BJ&cid=2065172272.1684980430&gtm=45je35m0&aip=1&z=504230005

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 May 2023 02:07:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 GinJus-Regular.39fa2588.woff2
bad.cards/static/media/ 15 KB
15 KB 510ms
497ms Font
font/woff2 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/static/media/GinJus-Regular.39fa2588.woff2
Requested by: Host: bad.cards
URL: https://bad.cards/static/css/main.46bd4fae.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f981d45f43f1c90fd39472e1ed4648205e69ffecbab12cc93eb057ca87276dce

Request headers

Referer: https://bad.cards/static/css/main.46bd4fae.chunk.css
Origin: https://bad.cards
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
cf-cache-status: EXPIRED
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3a34-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nRx%2B2sXpJekWCn8lfnAaQgxB0zoyiAOR3k40UYDDdm1k4%2BS5QZvCxHnYedRGRZvid%2FS%2F4FjUH0aijq5tXf9mlfOIl%2BVQT%2FPX3iEedWwPpAm%2BTNk7m%2FjfDnVL5HULDDs5pBrRunUjJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: https://bad.cards
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7cca39262f973655-FRA
content-length: 14900

GET
H2 200 disc_pink.svg
bad.cards/discs/ 11 KB
5 KB 14ms
13ms Image
image/svg+xml 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/discs/disc_pink.svg
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 544014704e44a2a2dbe171c90a91208a68f6e0470fbed2f3daef43645ee122ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 65980
x-powered-by: Express
etag: W/"2d70-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMUlrqyjaQzLB7g2xYLEtravrqdMiViJ87HwsDy7LXc%2B%2BQtEBIbGxu3PhX%2FStlMPrYk9qAZ7Ga81VRxrUbxDLD8Jc2UiRZIW0TCY415puHiWck0onhwlyFf0cAGhJ6jVqKEB8ACKuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 7cca3926affe3655-FRA

GET
H2 200 beta-badge-outer.svg
bad.cards/ 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/beta-badge-outer.svg
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c3c8a4e8fa41a805ab29d9a608fd6432f648677933fa767305177363dbb3571f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 65980
x-powered-by: Express
etag: W/"927-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlsOgzNYw7GrOkYBN5Ccb%2BO1azkBf3C00fa76zMQ%2BaX3nH3c13J9hb9ORbMbL%2BOzsh%2FxRjbotWASgynUZYyii%2Bl9A77jwPgYxCsCzMStK3Iqp90j7Uv0YYXBtyP5B5TJIVZN%2FqBs%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 7cca3926c80d3655-FRA

GET
H2 200 beta-badge-inner.svg
bad.cards/ 8 KB
4 KB 15ms
15ms Image
image/svg+xml 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bad.cards/beta-badge-inner.svg
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 95926ffbdb25e8fb63a6a44396cf79efda083ec5b1861f85324d6cff216e9566

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 20817
x-powered-by: Express
etag: W/"1fee-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNAKqNuiWqStJJfErn4KMxuNUbeqTw%2BVVEzZDcltkBbo6MKq2g%2BChaaFlMzj8NzQ7G1YxP6Z%2FEQZTz2Vn9KuHYV23sUq11DA1ZTmZXVP5eVLGhdYh6vlTZ0DsDW7u5urmdvw1vgWhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 7cca3926c80f3655-FRA

GET
H2 206 2meme-all-gifs000040.mp4
static.bad.cards/tomeme/vids/ 155 KB
156 KB 102ms
10ms Media
video/mp4 2600:9000:225b:ea00:18:28e9:8880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.bad.cards/tomeme/vids/2meme-all-gifs000040.mp4
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:ea00:18:28e9:8880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a825cc978c972912e65bdc6886b656a41d85241e249667fb8ea0fe385e1f2f59

Request headers

Referer: https://bad.cards/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 24 May 2023 12:59:09 GMT
via: 1.1 355f72364b4c8f8829ae95f886a03f56.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 18:11:36 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P1
age: 47281
etag: "53fbc390ba2baa460bfc7aab7e437e37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 0-158869/158870
accept-ranges: bytes
x-amz-cf-id: knU-wm8udkwmlRNS-Sz7gYh0AYM-7xefzP8i3xMqo6mI6A5wnnRXaQ==
Content-Length: 158870

GET
H2 206 bad_cards_fill.webm
bad.cards/ 670 KB
671 KB 627ms
618ms Media
video/webm 2606:4700:20::681a:f02
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bad.cards/bad_cards_fill.webm
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d0fa6b780967f67a13f45dec19174215745b2adb190f4a76da7c3a72245af4be

Request headers

Referer: https://bad.cards/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
cf-cache-status: EXPIRED
last-modified: Fri, 05 May 2023 20:16:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"a7715-187ed8efdc0"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIzK%2BVzny19XRma5ScmjIKjvBlXNFvAtRWhoHumbXoJbdosr3gYqjQEj1SY66rwRrjHEAZvQMmSCsdk01e8ICMWjSNNEwYtZGBt4t7002u4%2FF2UBaxoNQ3rX0T98kAi39fXKcalWZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/webm
Content-Range: bytes 0-685844/685845
cache-control: public, max-age=86400
cf-ray: 7cca392728453655-FRA
Content-Length: 685845

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
601 B 50ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=bad.cards&callback=_gfp_s_&client=ca-pub-3525646721011012

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3525646721011012&plah=bad.cards

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c70df35c1681e304a82d13f24d9f50933ea33525bc52eae86fb50db5fa8044d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 73ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=bad.cards

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 53ms
18ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=bad.cards

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
53ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=jss2&ign=false&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 May 2023 02:07:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FBFE 603 B
245 B 28ms
27ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3525646721011012&output=html&adk=1812271804&adf=3025194257&lmt=1684980430&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fbad.cards%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684980429508&bpp=11&bdt=742&idt=458&shv=r20230522&mjsv=m202305170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=180123989427&frm=20&pv=2&ga_vid=2065172272.1684980430&ga_sid=1684980430&ga_hid=1606711966&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759876%2C44759927%2C31074735%2C44788441%2C44789923&oid=2&pvsid=3658743130442044&tmod=223617719&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=508

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 25 May 2023 02:07:10 GMT
expires: Thu, 25 May 2023 02:07:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 start Show response
tracking.refersion.com/ 227 B
546 B 367ms
363ms XHR
application/json 2606:4700:4400::ac40:9ad3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.refersion.com/start

Requested by

Host: cdn.refersion.com
URL: https://cdn.refersion.com/refersion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ad3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea4ff7a90009d4247aec018135ce2d2b8d8a733ca5560b507dda6d07e854b7e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
Key: pub_a5fa57787d10daadcf9f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
via: 1.1 e4c24b48777e46bf299a44e5b6560a32.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-cf-pop: CDG50-C2
x-amzn-requestid: 517ddfed-1809-47d8-a1e8-49a91b98f68b
x-cache: Miss from cloudfront
x-amz-apigw-id: FdNgTHkuoAMFUSw=
server: cloudflare
x-amzn-trace-id: Root=1-646ec2ce-19c64f90554f7dad586d557e;Sampled=0;lineage=473d8242:0
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7cca392908d437f7-FRA
access-control-allow-headers: Refersion-Public-Key,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-cf-id: jc5plW5YAnv7EyrISt5x27yoJlYtMuH30jRbcJH_mxqrd4Qo7H1KGw==

OPTIONS
H2 200 start
tracking.refersion.com/ Frame 0
0 189ms
157ms Preflight
application/json 2606:4700:4400::ac40:9ad3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.refersion.com/start

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ad3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://bad.cards
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: Key,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 7cca39280fcd37f7-FRA
content-length: 0
content-type: application/json
date: Thu, 25 May 2023 02:07:10 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
via: 1.1 e4c24b48777e46bf299a44e5b6560a32.cloudfront.net (CloudFront)
x-amz-apigw-id: FdNgQFr3oAMFV8Q=
x-amz-cf-id: oMUhXgb2sMC9rKqYeNnAK83I6LOfLjZ4LcwdzOjM-J6jJxm4NEJhUA==
x-amz-cf-pop: CDG50-C2
x-amzn-requestid: 222efcdc-c275-408d-90b4-67088b7432af
x-cache: Miss from cloudfront

GET
H2 200 choice.js Show response
cmp.quantcast.com/choice/PRrmquD1Ggcb1/bad.cards/ 10 KB
4 KB 51ms
17ms XHR
application/javascript 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/choice/PRrmquD1Ggcb1/bad.cards/choice.js?tag_version=V2
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bdac68294ee1f89d0d32a920adb9cabc2ec217f6b11a27771cd6687da4d1ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:06:41 GMT
content-encoding: br
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 30
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 19 May 2023 10:51:41 GMT
server: AmazonS3
etag: W/"96ba7511e31bec393e970423895eab7f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://bad.cards
cache-control: max-age=3600
access-control-allow-credentials: true
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-amz-cf-id: -PzL7mepJN37D8HKHrruRmEZ_Egt8Zxxnz9eeVaxHm0FtfiTHMYMsA==

GET
H2 200 prebid-ca15ee8536823af6754149175f80d9ca.js Show response
cdn.fuseplatform.net/prebid/ 200 KB
62 KB 15ms
14ms Script
application/x-javascript 2a02:26f0:480:f::213:7ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/prebid/prebid-ca15ee8536823af6754149175f80d9ca.js
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9b2c3e96147e12d5456821714ff2369124c4a8747f7a78e78f16858abaf0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
last-modified: Tue, 07 Mar 2023 01:07:55 GMT
server: AkamaiNetStorage
etag: "6927135cb9dc0b0e816b7d8d64e074d0:1678151275.293463"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=86400000
accept-ranges: bytes
content-length: 62758
expires: Wed, 18 Feb 2026 02:07:10 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 75 KB
25 KB 81ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14f840e477182559070c452f1029d759fed71d8998126cf7e1bc88a5639fb7c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25199
x-xss-protection: 0
server: cafe
etag: 395 / 19502 / 31074846 / config-hash: 16124004075474170804
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 25 May 2023 02:07:10 GMT

GET
H2 200 noconsent Show response
cdn.fuseplatform.net/telemetry/ 1 B
263 B 43ms
9ms Fetch
text/plain 2a02:26f0:480:f::213:7ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fuseplatform.net/telemetry/noconsent?v=1&ttm=1684980430092&cookie=true&res=1600x1200&device=desktop&browser=chrome&fuuid=78c0fed0-27e0-591e-974c-1d54e27af1e5&fid=2990&pubid=7&url=https%3A%2F%2Fbad.cards%2F&sid=7eaa51ad14c3dc222421&srate=100&adserver=gpt&etm=1839&e=fuse-load
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2d711642b726b04401627ca9fbac32f5c8530fb1903cc4db02258717921a4881

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 11:31:51 GMT
server: AkamaiNetStorage
etag: "9dd4e461268c8034f5c8564e155c67a6:1660131111.248793"
vary: Accept-Encoding, Accept-Encoding, Origin
content-type: text/plain
access-control-allow-origin: https://bad.cards
cache-control: max-age=1800
accept-ranges: bytes
content-length: 21
expires: Thu, 25 May 2023 02:37:10 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 35ms
13ms XHR
application/json 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230525

Requested by

Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/prebid/prebid-ca15ee8536823af6754149175f80d9ca.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8fc093e7cbf9a0127241a960e04d59b7827b726ce5e32b56829e9a7f954a523f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 25 May 2023 02:07:10 GMT
x-content-type-options: nosniff
content-encoding: br
age: 36382
x-jsd-version: 1.0.1704
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 840
x-served-by: cache-fra-eddf8230037-FRA
x-jsd-version-type: version
etag: W/"63b-TLjQXUebWoirB5WnFMx+sOnRFsw"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 choice.js Show response
cmp.quantcast.com/choice/PRrmquD1Ggcb1/bad.cards/ 10 KB
4 KB 42ms
15ms Script
application/javascript 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/choice/PRrmquD1Ggcb1/bad.cards/choice.js?tag_version=V2
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bdac68294ee1f89d0d32a920adb9cabc2ec217f6b11a27771cd6687da4d1ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:06:41 GMT
content-encoding: br
via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
last-modified: Fri, 19 May 2023 10:51:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 30
x-amz-server-side-encryption: AES256
etag: W/"96ba7511e31bec393e970423895eab7f"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-amz-cf-id: MDdO0P94rwycstPgnHVl9or_xa7Cxfe8zPWhBG7x4RJebfVcCmHUbQ==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305220101/ 404 KB
125 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305220101/pubads_impl.js?cb=31074846

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af07705eb7e434ddc33426eb84d9ba31bba2b5cc9d022239df1c1376e437f1d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 17:16:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31836
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127485
x-xss-protection: 0
server: cafe
etag: 17275677167730277524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 23 May 2024 17:16:34 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 116 B
102 B 45ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=bad.cards

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00eb8e2b55f79ebb5718c9103cff7f1a1b35ac48a1e0cec903e1a6676aee5570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77
x-xss-protection: 0
expires: Thu, 25 May 2023 02:07:10 GMT

GET
H2 200 cmp2.js Show response
cmp.quantcast.com/tcfv2/46/ 178 KB
47 KB 11ms
10ms Script
text/javascript 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/46/cmp2.js?referer=bad.cards
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/choice/PRrmquD1Ggcb1/bad.cards/choice.js?tag_version=V2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d91ffbdea8ecad30d07d2b6a979be09556cc16c50bc643fd96c749b2621c14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 14:05:43 GMT
content-encoding: gzip
via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 129688
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Wed, 08 Feb 2023 17:32:16 GMT
server: AmazonS3
etag: W/"15d537792bfc5eb18136ef129a7ec0a5"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
x-amz-meta-qc-ineu: True
vary: Accept-Encoding
x-amz-cf-id: 5X2DFKJQRSBkuy9N3NkX_hKCohsyu0ldizW5pP9degtMDXe-GX6f0A==

GET
H2 200 cmp-list.json Show response
test.cmp.quantcast.com/GVL-v2/ 10 KB
3 KB 91ms
13ms XHR
application/json 2600:9000:225e:5000:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/46/cmp2.js?referer=bad.cards
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:5000:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7174a8bff46f7c25aa0167fbf071096b488058459bf9d555ddd592ceea171804

Request headers

Accept: application/json, text/plain, */*
Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 16:16:25 GMT
x-amz-version-id: EA_SjBSkshypkIlfN0HhjKy2zyQuHOeN
content-encoding: gzip
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 121846
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 14 May 2023 19:52:29 GMT
server: AmazonS3
etag: W/"1b98afd5dc64e23911ff6ddbdf668803"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: pELNWnPI56vSpuHqKqCt5HN3Amgs-7Albx7TTxvCzY9_gTnr7G1UaA==

GET
H2 200 tag Show response
btloader.com/ 60 KB
15 KB 57ms
22ms Script
application/javascript 2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5708166709903360&upapi=true
Requested by: Host: cdn.fuseplatform.net
URL: https://cdn.fuseplatform.net/publift/tags/2/2990/fuse.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d81d9da53a4d9799f01718789958edbbbdcf5d48d996133231f0af7750a1a0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 25 May 2023 01:32:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1914
etag: W/"86150bce51b1b212d026866e500dff2a"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8wmEQ9YBq%2Bq9fQHzSsA0VStm4Op7pr9C43NfLggJQxg66idl%2FOkeTEAZyjlpWEL5yFxa8IhDuOyyNzdAz%2FnvHttYYzmbL78A7YFwKeMUZmksNRvf5bDkOyZp5S%2BpRacHCu3cmJyDo1SQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7cca39298d68362c-FRA

GET
H2 200 cmp2ui-en.js Show response
cmp.quantcast.com/tcfv2/46/ 248 KB
60 KB 8ms
8ms Script
text/javascript 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/46/cmp2ui-en.js
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/46/cmp2.js?referer=bad.cards
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b15c094a683c050f4de3a028a8d461c800b7b8af0159eccfb27bbfb36563982c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 14:05:39 GMT
content-encoding: br
via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 129692
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
cross-origin-resource-policy: cross-origin
last-modified: Wed, 08 Feb 2023 17:32:24 GMT
server: AmazonS3
etag: W/"56cdb8d3d5e2ab2d10d42277297ff84e"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: id7gQivPN2Es6G_J0nwpn6qdgXrb5bYyGqIPWI1KJosh_AtGE-WeQg==

GET
H2 200 vendor-list-trimmed-v1.json Show response
cmp.quantcast.com/GVL-v2/ 353 KB
47 KB 17ms
17ms XHR
application/json 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/46/cmp2.js?referer=bad.cards
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8349ae84e43385b10a3136a19a144431576572d3063a9fe1218ddef8274160a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 03:00:36 GMT
content-encoding: gzip
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 83195
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 23 May 2023 16:34:52 GMT
server: AmazonS3
etag: W/"b36ed5d046a96b3b9448cf0c5e34bcd0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: iCy9XwlQvB-7nwbhsSqqqfYNkGEPGsOyBpn-8Htt50tTCS9tyEmltw==

GET
H2 200 google-atp-list.json Show response
cmp.quantcast.com/tcfv2/ 151 KB
37 KB 20ms
20ms XHR
application/json 2600:9000:211e:c000:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/46/cmp2.js?referer=bad.cards
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:c000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b

Request headers

Accept: application/json, text/plain, */*
Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 03:00:30 GMT
content-encoding: gzip
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 83201
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 24 May 2023 03:00:26 GMT
server: AmazonS3
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: KarGX84wz8KoQ_CW07zSNTbkt9gV44c3IkRDhtQWojXlVfRUj9LCeg==

GET
H2 200 px.gif
ad-delivery.net/ 43 B
338 B 67ms
15ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 546389
x-guploader-uploadid: ADPycdv8qge5fWlwp9rZXF6LbyExXl2o9Iy5jHQbOEZ0qlQxv_isrzPT7gE5TvR4yPQIXKy-veOtsiFQ4Jd5X0X9m6yejQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FS8iEYweF4rJRFtrh9cCSK6mYrTiqii7C0c4Q7z22Lwi5zxv%2FzxQsX7o4WmlsNUUxwDwY0UtevpA2dQQ6nl5ooAIO%2FXxqHYRQYTXzmAxlMAiBVpUS7e4C7gKqxnxM1ZTkvlehDJCYfCjYU8dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7cca392a29a1199b-FRA
expires: Thu, 18 May 2023 18:25:18 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
572 B 50ms
8ms Image
image/x-icon 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 17:17:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 25 May 2023 17:17:35 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
867 B 65ms
14ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7186637713956392
Requested by: Host: bad.cards
URL: https://bad.cards/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 546389
x-guploader-uploadid: ADPycdv8qge5fWlwp9rZXF6LbyExXl2o9Iy5jHQbOEZ0qlQxv_isrzPT7gE5TvR4yPQIXKy-veOtsiFQ4Jd5X0X9m6yejQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IPROzrLzVwO1KJydt%2BYRj9FTTFjOGi%2BvRHMN0eH7GqSqDY0GTcqJJK1HmAjEZRt40T2FBM%2FGlWfu26xocEkteMDp7RxzmZD577sm9y%2FONv5qp3wKDkPu91Z4gtcTIa54hwGtqEj1NsuZCHdqwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7cca392a29a2199b-FRA
expires: Thu, 18 May 2023 18:25:18 GMT

GET
H2 200 / Show response
audit-tcfv2.cmp.quantcast.com/ 2 B
101 B 56ms
8ms XHR
text/plain 52.57.252.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%22PRrmquD1Ggcb1%22%2C%22domain%22%3A%22bad.cards%22%2C%22publisher%22%3A%22bad%20cards%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.46%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22QwZySuI2p7o7GfkbE%2Fv8VA%22%2C%22tagVersion%22%3A%22V2%22%2C%22clientTimestamp%22%3A1684980430432%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-7qvfrlvfyeh8rr01nna2%22%7D
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/46/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.252.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-252-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 25 May 2023 02:07:10 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
H2 200 country Show response
api.btloader.com/ 16 B
203 B 167ms
121ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5708166709903360&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 168ms
122ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=00Pm6bBF&w=5151581165584384&o=5708166709903360&cv=2.1.11-3-gabc8642&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fbad.cards%2F&sid=xhFp2YdPwu&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5708166709903360&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 25 May 2023 02:07:10 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

POST
H2 200 page_view Show response
tracking.refersion.com/ 245 B
469 B 337ms
337ms XHR
application/json 2606:4700:4400::ac40:9ad3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.refersion.com/page_view

Requested by

Host: cdn.refersion.com
URL: https://cdn.refersion.com/refersion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ad3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d73755cfabc212aa6ca42efc1b5e4782537f9705228d05c15501dd0dae8f726

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://bad.cards/
accept-language: de-DE,de;q=0.9
Key: pub_a5fa57787d10daadcf9f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 25 May 2023 02:07:11 GMT
via: 1.1 e4c24b48777e46bf299a44e5b6560a32.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-cf-pop: CDG50-C2
x-amzn-requestid: b4ddd9a9-e083-4713-9ccb-219323a856f3
x-cache: Miss from cloudfront
x-amz-apigw-id: FdNgaHcVoAMF2Og=
server: cloudflare
x-amzn-trace-id: Root=1-646ec2cf-69562a175e909a7105e28717;Sampled=0;lineage=ecfbf259:0
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7cca392d1b8437f7-FRA
access-control-allow-headers: Refersion-Public-Key,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-cf-id: LFVeQXYRghQ5gP4mUK42V6IxpCltg286eOv58nE2zF75rVtXCuJb0Q==

OPTIONS
H2 200 page_view
tracking.refersion.com/ Frame 0
0 279ms
279ms Preflight
application/json 2606:4700:4400::ac40:9ad3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.refersion.com/page_view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ad3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: key
Access-Control-Request-Method: POST
Origin: https://bad.cards
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: Key,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 7cca392b5a5137f7-FRA
content-length: 0
content-type: application/json
date: Thu, 25 May 2023 02:07:10 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
via: 1.1 e4c24b48777e46bf299a44e5b6560a32.cloudfront.net (CloudFront)
x-amz-apigw-id: FdNgXHkGoAMFyFQ=
x-amz-cf-id: v9sjX4DyiJwTp3ijzN6sv1AqQf6IcEjwyj9c1PKNqeuhi0vBoX2zHA==
x-amz-cf-pop: CDG50-C2
x-amzn-requestid: 48dcaa16-bf50-4a20-8132-052e086c2d51
x-cache: Miss from cloudfront

GET
H2 200 r.html Show response
pub-a5fa57787d10daadcf9f.tracking.refersion.com/ Frame 0F3F 474 B
1 KB 67ms
24ms Document
text/html 143.204.215.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-a5fa57787d10daadcf9f.tracking.refersion.com/r.html
Requested by: Host: cdn.refersion.com
URL: https://cdn.refersion.com/refersion.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-106.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 588794e29465c271a0ad76362f89ce1a8c3706e71fa8f906257377dc3bc27270

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 8641
content-length: 474
content-type: text/html
date: Wed, 24 May 2023 23:43:10 GMT
etag: "4ee1a4f461751e9918a36adb0409d3f7"
last-modified: Wed, 22 Feb 2023 15:36:53 GMT
server: AmazonS3
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
x-amz-cf-id: aOzvzmlnH47uyrLYL1QV7W_jJ8lhtp68N_l6OXOKqWF9aWhRRjsT5Q==
x-amz-cf-pop: FRA53-C1
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:441910979855:build/Refersion-Tracking-Build:73628c93-f755-4b3d-8d5c-a1ebdbebadc0
x-amz-meta-codebuild-content-md5: 91ec5cf5fda69cb6cd86040e2dd38391
x-amz-meta-codebuild-content-sha256: 42d26243f1280db4b5fe4f14da9a93e79ee5c40ecaa56e39403c9417ef85fa11
x-amz-server-side-encryption: AES256
x-amz-version-id: Rv5XbA_iUkUdnH6Uf8VNfQGmC__6yAr7
x-cache: Hit from cloudfront

GET
H2 200 m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response
js.stripe.com/v3/ Frame 9CAA 200 B
1 KB 10ms
10ms Document
text/html 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1036
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 25 May 2023 01:49:54 GMT
etag: "93afeeb17bc37e711759584dbfc50d47"
last-modified: Thu, 11 May 2023 20:01:43 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id: kq3_HuvVM8uE3feSvd18LaLAjwnrE5KSMIgyco9EJ6Tk0NFJl0yxNQ==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 46ms
46ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230522&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75e3302365c03b36daf11d6fbc6dc6979d901682d7131085cde1295d55a8348b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11181
x-xss-protection: 0

GET
H2 200 m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 9CAA 631 B
1 KB 24ms
23ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 25 May 2023 01:13:40 GMT
x-content-type-options: nosniff
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 3210
x-cache: Hit from cloudfront
content-length: 631
last-modified: Mon, 22 May 2023 20:13:05 GMT
server: Cloudfront
etag: "f8f6a4584135f737b26927596ce6e0a7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ZKarvtVFweu2_yZhREAMv-4kEBa4D5ThAaTJ99n1QJVX_Ie-xJqQUQ==

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 50ms
23ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 25 May 2023 02:07:10 GMT

POST
H2 200 csp-report
q.stripe.com/ Frame 9CAA 0
717 B 578ms
181ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 25 May 2023 02:07:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1684980431380104
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1684980431379683
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 9CAA 0
716 B 577ms
183ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 25 May 2023 02:07:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1684980431380398
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1684980431379719
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 46D8 930 B
2 KB 82ms
10ms Document
text/html 99.86.4.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.50 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-50.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 282
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 25 May 2023 02:02:29 GMT
etag: "fc2e029628f163bb59adc6fa5a31161c"
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-id: 2weaab6vnCWxy-LUCJ6wbZ6V4Xhx58bT5nujoVq0ewKMdEa3tmXpTw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H/1.1 200
OK xdlspma.min.js Show response
cdn.refersion.com/ Frame 0F3F 2 KB
3 KB 10ms
10ms Script
application/x-javascript 143.204.215.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.refersion.com/xdlspma.min.js
Requested by: Host: pub-a5fa57787d10daadcf9f.tracking.refersion.com
URL: https://pub-a5fa57787d10daadcf9f.tracking.refersion.com/r.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-106.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bd3a2ff5820c53c4fba21ec7beb8c3b752875693f720ba4a2e70a35b9d75dbdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-a5fa57787d10daadcf9f.tracking.refersion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: h14.0Y4Yu1Xl18Mzw0OfX4nX_K4xt4TO
Date: Wed, 24 May 2023 14:21:11 GMT
Via: 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Age: 42361
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:441910979855:build/Refersion-Tracking-Build:73628c93-f755-4b3d-8d5c-a1ebdbebadc0
X-Cache: Hit from cloudfront
Connection: keep-alive
x-amz-meta-codebuild-content-md5: 91ec5cf5fda69cb6cd86040e2dd38391
Content-Length: 2152
Last-Modified: Wed, 22 Feb 2023 15:36:54 GMT
Server: AmazonS3
ETag: "66303cfc2f88333c918052f78b6d0215"
x-amz-meta-codebuild-content-sha256: 42d26243f1280db4b5fe4f14da9a93e79ee5c40ecaa56e39403c9417ef85fa11
Content-Type: application/x-javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: lB98o7NA7TYfR5buouLRE9w5_wIOkj3MrTqW3bXzfUoviDke1i3VVw==

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3FEA 13 KB
5 KB 11ms
8ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 May 2023 02:02:49 GMT
expires: Fri, 24 May 2024 02:02:49 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 54F9 783 B
1 KB 65ms
20ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fd80c6fc52502ecc06f87c0a401967a251207c92fa9d2dbebfb73652e2677302

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ggxN0AM01GpqGH_VOO0H0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bad.cards/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-ggxN0AM01GpqGH_VOO0H0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 25 May 2023 02:07:11 GMT
expires: Thu, 25 May 2023 02:07:11 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FEA 37 KB
14 KB 20ms
8ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4kQu0tD4hSA-hVARc1fzzODE0daF2Vy-bPLW9uau78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 20:55:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 105071
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14738
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 May 2024 20:55:59 GMT

POST
H2 200 csp-report
q.stripe.com/ Frame 46D8 0
490 B 477ms
182ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: bad.cards
URL: https://bad.cards/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 25 May 2023 02:07:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1684980431380528
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 0
x-stripe-client-envoy-start-time-us: 1684980431379906
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame 46D8 86 KB
14 KB 13ms
12ms Script
text/javascript 99.86.4.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.50 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-50.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Thu, 25 May 2023 02:07:03 GMT
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"21df7244385e5c0bdf32da01d0dad6c0"
age: 8
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: dOb0mRA2WkRMd0EXMGMd8xzJMJTaWg9nJgaA5FbECCDkq_nzRKlt5g==

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 54F9 0
0 43ms
42ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230522&jk=3658743130442044&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

POST
H2 200 6 Show response
m.stripe.com/ Frame 46D8 156 B
669 B 587ms
209ms XHR
application/json 52.40.204.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.40.204.112 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-40-204-112.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

130b606008e3cf633aeeb518c81ab7500db7668e895db2fb1479f1c3d5127e8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Thu, 25 May 2023 02:07:11 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1684980431600520
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 8
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1684980431600251
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3FEA 0
10 B 8ms
7ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AsND2w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:07:11 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 46ms
44ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230522&jk=3658743130442044&bg=!4-Cl4LTNAAZ8_aWmXP07ADkAdvg8Ws4umWLvKRRauc6JAkHf4EqmvF3VExKO791M5RxCnRw3iJ9N9J7YiePVnnsuqm_yGD7kvegCAAAAwFIAAAADaAEHCgB8RjJRPHsn5YVcnYakHU51tYy58gbBRNclJ7TwPmDnOwt98427igLeCT3z32F6JQYVRpwEzjSw2p7Cdh9SWch55ezz8Cqsin_vowHcV7SGkgBK2ZDudCzWea6VLNXjJXZi_NuNWZXwZ34c2Uvxah-t0bKeHrsVRUjUbnQiU5kCjwz7JdUbYVN8H-IESpgNXZP4ll0qsruGHlhsMVkd4eXH2pCm7l1QBsp6g83cf_RtsVw7L_6Rktsxx80tGU9sWRVzBAIyKKQcicPUl4_vktmrwZdanHFeuwVXBT6gSVN5oWMg-HPz8UXy-bWbrtMJPC1wlr0knu4CkhKh6wCM_VUSeGo8qoFcLiVi4vaOKSqL5GOqHVIJOpdC1m-X0ZG_zeYYZdTBd6qYgsp6wsPJMpPygdrHDAl7tN8C1Sl8qokUSd0FiykUoAXqcl3NibqkQYmphCuIcaw02Li1kqjvk1In3RwQCp3vMONnEXtYMAwGm_17euw0WRg_Fns9dWDX4_TQ7CSmk-KiXzAJy0B8aIZeBKAZdojMZi3DObFfHUP0ZDMCIGHNZFkz-wP-yn0qEnKGIxk1GMhJM5SNCDH01Oa1cTwgxtHwRWWI0Ixi4KmRgFJNl128WrM_qEuzyvmvMJ6_IdmLt1phy5U5FP6MFS1ublbABB_Ozeog1C0lu0407nICoGqWxJQX3uF1avHzXKF9ZvfLMzpZR-D44yLxivHqHobxo9YtIsqjfYtYYjfo99H0G2EOAqXBUGf2Mc7cmCvGLGGdZdG9Dtgosjo-g6YxPhtQawNscBGkie98UE24sfDlyyZ10-tyaiS9N6nDz08aigd3p9LlqVdGEFTqE8mEk0kbgSYyUrYup_d_fXkZaH3UB-ZadxSycW0t1AA7cEnBxupY7lc_zeNKqcfoQXT75aQDEE6XiPrq25JyyLPCpPXB99vaNRLZjGO1Z_PjxPSKRvnPp7OJxdtzmXLcLNrrbmFZK0xylJOa67-h9g6MqpyViHBtnsgeHO-Z9ApAogE8GfB0EU9gbtZ--wYhBdw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bad.cards/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bad.cards/	1970-01-20 21:39:00	Name: _ga_N3BGZ4J7BJ Value: GS1.1.1684980429.1.0.1684980429.60.0.0
.bad.cards/	1970-01-20 21:39:00	Name: _ga Value: GA1.1.2065172272.1684980430
.bad.cards/	1970-01-20 21:39:00	Name: playerSecret Value: a4d98caa83084ea32262fd72427dfc7f39270083a94ea5d20961688e3eda0af07872926ab910be093bb1e1436086f5960af77c8e3ead98b09af9990a30d8f241
.bad.cards/	1970-01-20 21:39:00	Name: playerGuid Value: 5S8Mru-ZEooYaeCWQBat2
.doubleclick.net/	1970-01-20 12:03:01	Name: test_cookie Value: CheckForPermission
.bad.cards/	1970-01-20 21:24:36	Name: __gads Value: ID=1186e226d439c546-229708d5e7dd0003:T=1684980430:RT=1684980430:S=ALNI_Ma3_zuwXuEpFqfNeFz6CNJATbWggQ
.bad.cards/	1970-01-20 21:24:36	Name: __gpi Value: UID=00000c3244bd7e34:T=1684980430:RT=1684980430:S=ALNI_MYSxmv8FjR8JQimXX8elkSdHjJu1Q
m.stripe.com/	1970-01-20 21:39:00	Name: m Value: c5c81d06-b102-499d-b9f9-00b4b9bd6622786c0a
.bad.cards/	1970-01-20 20:48:36	Name: __stripe_mid Value: c9aabfd3-ff62-4ebf-9788-9a8a0d899ccca38d9c
.bad.cards/	1970-01-20 12:03:02	Name: __stripe_sid Value: 72dee22a-4214-4af3-9f57-05732a05728eaaf0d5

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
javascript	warning	URL: https://bad.cards/ Message: The resource https://bad.cards/logo-small.png?2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://bad.cards/ Message: The resource https://bad.cards/fonts/Stacion-Regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://bad.cards/ Message: The resource https://bad.cards/fonts/GinJus-Regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-delivery.net
ad.doubleclick.net
adservice.google.com
adservice.google.de
api.btloader.com
audit-tcfv2.cmp.quantcast.com
bad.cards
btloader.com
cdn.fuseplatform.net
cdn.jsdelivr.net
cdn.refersion.com
cmp.quantcast.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.stripe.com
m.stripe.com
m.stripe.network
pagead2.googlesyndication.com
partner.googleadservices.com
pub-a5fa57787d10daadcf9f.tracking.refersion.com
q.stripe.com
region1.analytics.google.com
securepubads.g.doubleclick.net
static.bad.cards
stats.g.doubleclick.net
test.cmp.quantcast.com
tpc.googlesyndication.com
tracking.refersion.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
130.211.23.194
142.250.186.102
143.204.215.106
2001:4860:4802:34::36
2600:9000:211e:c000:9:46dc:4700:93a1
2600:9000:225b:ea00:18:28e9:8880:93a1
2600:9000:225e:5000:3:a4cd:8380:93a1
2606:4700:20::681a:e02
2606:4700:20::681a:f02
2606:4700:20::ac43:4513
2606:4700:20::ac43:4686
2606:4700:4400::ac40:9ad3
2a00:1450:4001:803::2002
2a00:1450:4001:803::2004
2a00:1450:4001:806::2003
2a00:1450:4001:809::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9d
2a02:26f0:480:f::213:7ec4
2a04:4e42:400::485
52.40.204.112
52.57.252.54
54.186.23.98
99.86.4.50
99.86.4.76
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00eb8e2b55f79ebb5718c9103cff7f1a1b35ac48a1e0cec903e1a6676aee5570
01ab2327de9853adabf2a07a2aac4ae735a33ab96bcbef3f624da170b011087c
0c70df35c1681e304a82d13f24d9f50933ea33525bc52eae86fb50db5fa8044d
0d81d9da53a4d9799f01718789958edbbbdcf5d48d996133231f0af7750a1a0b
130b606008e3cf633aeeb518c81ab7500db7668e895db2fb1479f1c3d5127e8d
14f840e477182559070c452f1029d759fed71d8998126cf7e1bc88a5639fb7c5
1e61bceafc4f99402741de39a43204c0ba0c700165e409b7bd5beed542c552d9
1e77f48d11c58959d5129845bf10ce5cc3fbcfb502b8c0fa690946011927d48a
2450511bf31bc5ca90dd61a874e3e3ba3aa014684cc3adce74acd1442bdcd293
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
2d711642b726b04401627ca9fbac32f5c8530fb1903cc4db02258717921a4881
31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b
3cf88b31f0b9f5b69f46282b449b0182729613b97b18f87d110b1886b6e354e6
544014704e44a2a2dbe171c90a91208a68f6e0470fbed2f3daef43645ee122ac
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
569372e1e0097ae982108a5ce953a33214448a0f5a32ccf5bda05e9918d7d103
588794e29465c271a0ad76362f89ce1a8c3706e71fa8f906257377dc3bc27270
5d91ffbdea8ecad30d07d2b6a979be09556cc16c50bc643fd96c749b2621c14a
5df3be089e223cf8c4656f65ff3fe6d0a66c4e5a04f4dff8f9e3ec6cb79d4705
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6433bb29063bf8ef44e9e8ca2037b3098cb815a7edc999d89508b5fd33f7aff9
6564c2dc29a6e72c15675e83a2f4f6d71cc92ea8f286edf6d2be504f40e2210f
6bdac68294ee1f89d0d32a920adb9cabc2ec217f6b11a27771cd6687da4d1ce1
6f8910bb4b43e21480fa154045cd5fcf338313475a176572f9b3cb5bdb9abbbf
7174a8bff46f7c25aa0167fbf071096b488058459bf9d555ddd592ceea171804
71a52055d191a81c25e2f9721b96e9daaa1438ab4724614c0540d51d98efd52a
75e3302365c03b36daf11d6fbc6dc6979d901682d7131085cde1295d55a8348b
8349ae84e43385b10a3136a19a144431576572d3063a9fe1218ddef8274160a0
8752f25daa51cdfba52ac4630299871965531719aac14b67e317317ca6d6ee8c
8fc093e7cbf9a0127241a960e04d59b7827b726ce5e32b56829e9a7f954a523f
95926ffbdb25e8fb63a6a44396cf79efda083ec5b1861f85324d6cff216e9566
95fa7ac51b31d3796723d8175249f59d3fe2410d397fc5a5bd892421ccf2f9bf
9b2c3e96147e12d5456821714ff2369124c4a8747f7a78e78f16858abaf0a3fa
9d73755cfabc212aa6ca42efc1b5e4782537f9705228d05c15501dd0dae8f726
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a37716b0319deda3a44563d20c5d45c3cf4e4abd5e560d5c07140c8da368f8f1
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a825cc978c972912e65bdc6886b656a41d85241e249667fb8ea0fe385e1f2f59
ad0164b4b831605b7e1908c2f7d0b818f2d7f7e55770471ca71c49a1e56e5376
ad2d80f11e6bfd6808f43ef7096e0586f4843ecb67337904253692666bf012ec
adef5b3fe9e214dda41a5a8825f02b0e0f46be35720fb5fc849fbe224142e59f
af07705eb7e434ddc33426eb84d9ba31bba2b5cc9d022239df1c1376e437f1d7
b15c094a683c050f4de3a028a8d461c800b7b8af0159eccfb27bbfb36563982c
bd3a2ff5820c53c4fba21ec7beb8c3b752875693f720ba4a2e70a35b9d75dbdd
c2bc30f79ef0c22dcaa23579383d0e33ea940b43f880af551efa77c616cbccf4
c3c8a4e8fa41a805ab29d9a608fd6432f648677933fa767305177363dbb3571f
c9992c6eea425cc0825d6c5b5755176ca0fb9f281bcfe4e2cca1f8d6815da8c9
ca4d20d5e7f10dbd17be081654ffb7af4f2e7bbeb5cdea6324d19236690d14e9
cdff1df570321b1b3b4312ed1f7ce8245b9071642ecb523d0682f962e196784b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0fa6b780967f67a13f45dec19174215745b2adb190f4a76da7c3a72245af4be
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9ca1f96ff7ba29afd8520b80dbff93a386d205d07c6be3025fd17c1208108b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea4ff7a90009d4247aec018135ce2d2b8d8a733ca5560b507dda6d07e854b7e8
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02d21a2f2f0e91ee9eae1dc386cf82e4609a27c867acbbd5ff9d061d05f55b8
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f85fa979ce48121c43d0f46cd5d163e092ce7aaa1ecdbc7c50baea412c5d76a4
f981d45f43f1c90fd39472e1ed4648205e69ffecbab12cc93eb057ca87276dce
fd80c6fc52502ecc06f87c0a401967a251207c92fa9d2dbebfb73652e2677302

bad.cards Open in urlscan Pro 2606:4700:20::681a:f02 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

86 Requests

100 %HTTPS

76 %IPv6

17 Domains

33 Subdomains

32 IPs

3 Countries

2773 kBTransfer

7033 kBSize

10 Cookies

4 Outgoing links

Page URL History

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bad.cards Open in urlscan Pro
2606:4700:20::681a:f02 Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

100 %
HTTPS

76 %
IPv6

17
Domains

33
Subdomains

32
IPs

3
Countries

2773 kB
Transfer

7033 kB
Size

10
Cookies

86 HTTP transactions
0 data transactions