www.geradordefakenews.com Open in urlscan Pro
62.72.62.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.geradordefakenews.com/
Submission Tags: falconsandbox
Submission: On November 28 via api (November 28th 2023, 7:40:02 pm UTC) from US — Scanned from DE

Summary HTTP 53 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 18 domains to perform 53 HTTP transactions. The main IP is 62.72.62.250, located in Germany and belongs to AS-HOSTINGER, CY. The main domain is www.geradordefakenews.com.
TLS certificate: Issued by R3 on November 9th 2023. Valid for: 3 months.

This is the only time www.geradordefakenews.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
10	62.72.62.250 62.72.62.250	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
1	142.250.185.106 142.250.185.106	15169 (GOOGLE) (GOOGLE)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
10	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
4	104.22.28.80 104.22.28.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	93.184.220.66 93.184.220.66	15133 (EDGECAST) (EDGECAST)
2	216.239.36.178 216.239.36.178	15169 (GOOGLE) (GOOGLE)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
2	64.233.166.155 64.233.166.155	15169 (GOOGLE) (GOOGLE)
1	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
1	142.250.186.138 142.250.186.138	15169 (GOOGLE) (GOOGLE)
1	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
1	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
3	104.18.42.100 104.18.42.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
1	157.240.252.35 157.240.252.35	32934 (FACEBOOK) (FACEBOOK)
2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
53	21

10 62.72.62.250 (Germany)

ASN47583 (AS-HOSTINGER, CY)

www.geradordefakenews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

pertawee.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.22.28.80 (None, )

ASN13335 (CLOUDFLARENET, US)

storage.ko-fi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 93.184.220.66 (London, United Kingdom)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.36.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.166.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.195 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.42.100 (None, )

ASN13335 (CLOUDFLARENET, US)

scripts.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ui.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
call.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.252.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	pertawee.net pertawee.net — Cisco Umbrella Rank: 108580	60 KB
10	geradordefakenews.com www.geradordefakenews.com	192 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1186 syndication.twitter.com — Cisco Umbrella Rank: 1447	148 KB
4	ko-fi.com storage.ko-fi.com — Cisco Umbrella Rank: 50663	10 KB
3	cleverwebserver.com scripts.cleverwebserver.com — Cisco Umbrella Rank: 25910 ui.cleverwebserver.com — Cisco Umbrella Rank: 26783 call.cleverwebserver.com — Cisco Umbrella Rank: 27405	48 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 933	137 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	405 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3040 www.google.com — Cisco Umbrella Rank: 2	662 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	88 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31	95 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	147 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11206	552 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	15 KB
1	gstatic.com fonts.gstatic.com	28 KB
1	google.nl www.google.nl — Cisco Umbrella Rank: 10244	409 B
1	google.de www.google.de — Cisco Umbrella Rank: 6862	409 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	6 KB
53	18

	Domain	Requested by
10	pertawee.net	www.geradordefakenews.com pertawee.net
10	www.geradordefakenews.com	www.geradordefakenews.com
4	platform.twitter.com	www.geradordefakenews.com platform.twitter.com
4	storage.ko-fi.com	www.geradordefakenews.com storage.ko-fi.com
2	static.xx.fbcdn.net	www.facebook.com
2	syndication.twitter.com	platform.twitter.com www.geradordefakenews.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.geradordefakenews.com connect.facebook.net
2	www.googletagmanager.com	www.geradordefakenews.com www.googletagmanager.com
1	call.cleverwebserver.com	www.geradordefakenews.com
1	ui.cleverwebserver.com	www.geradordefakenews.com
1	my.rtmark.net	www.geradordefakenews.com
1	www.facebook.com	connect.facebook.net
1	fonts.gstatic.com	fonts.googleapis.com
1	scripts.cleverwebserver.com	www.geradordefakenews.com
1	www.google.nl	www.geradordefakenews.com
1	www.google.com	www.geradordefakenews.com
1	fonts.googleapis.com	storage.ko-fi.com
1	www.google.de	www.geradordefakenews.com
1	region1.analytics.google.com	www.googletagmanager.com
1	cdnjs.cloudflare.com	www.geradordefakenews.com
1	ajax.googleapis.com	www.geradordefakenews.com
53	23

This site contains links to these domains. Also see Links.

Domain
api.whatsapp.com
ko-fi.com

Subject Issuer	Validity	Valid
geradordefakenews.com R3	`2023-11-09` - `2024-02-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-07` - `2023-12-06`	3 months	crt.sh
pertawee.net R3	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
cleverwebserver.com Cloudflare Inc ECC CA-3	`2023-08-06` - `2024-08-04`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
syndication.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-19` - `2024-09-17`	a year	crt.sh
rtmark.net R3	`2023-10-07` - `2024-01-05`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.geradordefakenews.com/
Frame ID: 95AA6A6A65AEA0D412E1471AB5BD68F5
Requests: 44 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b71f7b3e11ed8%26domain%3Dwww.geradordefakenews.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.geradordefakenews.com%252Ff335c72d3a4a84c%26relation%3Dparent.parent&container_width=380&href=https%3A%2F%2Fwww.geradordefakenews.com%2F&layout=button_count&locale=pt_BR&sdk=joey&size=small
Frame ID: 34A8BA4B1C6F00637E60E9985833CAAC
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.geradordefakenews.com
Frame ID: 10B85847AFB930101A3ACF217FA170C0
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6E8EE2BBE8D5CE4867FC599E41D1079B
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.d37472b4a6622d0b1fff46ad904f6896.pt.html
Frame ID: 3FC32B2EEB25EFE614F9CF075D31F2D2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gerador de Fake News | Crie sua pegadinha

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

53
Requests

100 %
HTTPS

0 %
IPv6

18
Domains

23
Subdomains

21
IPs

4
Countries

997 kB
Transfer

2726 kB
Size

6
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://api.whatsapp.com/send?text=Olha%20isso:
Title: Compartilhar link pelo Whatsapp

Search URL Search Domain Scan URL

URL: https://ko-fi.com/H2H53WVPM
Title: Gostou? Pague um café pro dev!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.geradordefakenews.com/ 72 KB
28 KB 1720ms
344ms Document
text/html 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.2.34

Resource Hash

bc74adc7f730c185a4218ad2c993e34da92376e1cc7484ce24ab299e9dc89f27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 28576
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 19:39:48 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.2.34

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 1063ms
184ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-167879703-1

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

90e2de529ed31ec95641f37530396ff54eb18345a6098a0351fe1048a681e55b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68757
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Nov 2023 19:39:49 GMT

GET
H2 200 gerador.js Show response
www.geradordefakenews.com/ 181 KB
69 KB 1211ms
1211ms Script
application/x-javascript 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/gerador.js

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

3b873dfa21ab70a40e6928888eb9abb76463d8edebc1f85bf8c5f795ca69e081

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:49 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 28 Nov 2023 16:31:33 GMT
server: LiteSpeed
etag: "2d2d3-656615e5-e9937586ef617019;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 70775
expires: Tue, 05 Dec 2023 19:39:49 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1/ 94 KB
94 KB 804ms
175ms Script
text/javascript 142.250.185.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f10.1e100.net

Software

sffe /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 22 Nov 2023 17:08:40 GMT
x-content-type-options: nosniff
age: 527469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95786
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2024 17:08:40 GMT

GET
H2 200 reset.css
www.geradordefakenews.com/ 1 KB
618 B 2995ms
2994ms Stylesheet
text/css 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/reset.css

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

ed555a279183c054222c873e78d92c40b512498e49359b6abfda36048f141988

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:49 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 11 Oct 2022 22:21:51 GMT
server: LiteSpeed
etag: "444-6345ec7f-2c9cfd0888f3bac5;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 525
expires: Tue, 05 Dec 2023 19:39:49 GMT

GET
H2 200 estilos.css
www.geradordefakenews.com/ 19 KB
4 KB 2995ms
2995ms Stylesheet
text/css 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/estilos.css

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a1d34b0ceaf5ff187d50d8bbba23e0f783afd118c999a3d9d2fb6668452155d4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:49 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 28 Nov 2023 16:35:53 GMT
server: LiteSpeed
etag: "4bb6-656616e9-7782f1318c2f6c66;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3797
expires: Tue, 05 Dec 2023 19:39:49 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 787ms
123ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 64943
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VghDaWQXGZppdEfEYm8dd6uw8GzQTFU6FMmTsSw6QGzzgBY3r8uGEJUPz6LoVxThzXUNvKULXLxMD%2BwMJ9c8v70cx2PvNp9CZX6fEPOY8WQfqDyflWGBOTva9Q5oV8VD1ztweO9O"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82d51446ea811d86-FRA
expires: Sun, 17 Nov 2024 19:39:50 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/pt_BR/ 3 KB
2 KB 736ms
136ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pt_BR/sdk.js

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

84e7cadaf752f5b308495cc51fdafad5449aa921d7bb5a79acab09d40eaafd50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.geradordefakenews.com/
Origin: https://www.geradordefakenews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 19:39:53 GMT
content-md5: cQY+SVtgJ5nsXeZZr4S8jg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: 5/JXjxHqkiQfmL5HLuF46Gnp0IGTrYm/bmFxmJMDsFbidnHT9MP+V6PyMttf62BxZD2NsjTS/DGkpP6OF8smyg==
x-fb-content-md5: 3793014a65ee18906ac2a21df638e211
cross-origin-opener-policy: same-origin-allow-popups
etag: "a56c007dc2cc1763ee6d27327c628c20"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Tue, 28 Nov 2023 19:58:19 GMT

GET
H2 200 logo.png
www.geradordefakenews.com/ 45 KB
45 KB 2996ms
2995ms Image
image/png 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geradordefakenews.com/logo.png

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

de91c27ad558aa3d85825d6c72cf89a6a18e68bad5d9978196bd3bd3b6df0121

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:49 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 11 Oct 2022 22:21:50 GMT
server: LiteSpeed
etag: "b2da-6345ec7e-814ff6c734777db7;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 45786
expires: Tue, 05 Dec 2023 19:39:49 GMT

GET
H2 200 ntfc.php Show response
pertawee.net/ 13 KB
6 KB 510ms
104ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/ntfc.php?p=4652689
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 43620d4167eed0aae2c452914018932e583aef5579f88ce738766f5cbfd5cb7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:53 GMT
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 13:38:02 GMT
server: nginx
etag: W/"65649bba-32de"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 Widget_2.js Show response
storage.ko-fi.com/cdn/widget/ 3 KB
2 KB 800ms
131ms Script
application/javascript 104.22.28.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/widget/Widget_2.js
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.28.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc8cc7536bf94d03004fa21c405a2281878fb1296a61a9dfeb55cc27a53c6ca1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 28 Nov 2023 19:39:50 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: OrvIUQF0Mg8EkV9ejBdWSw==
age: 1702
cf-polished: origSize=3628
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Mon, 24 Oct 2022 16:33:26 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a45caea3-001e-0020-2d15-1674fc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 82d51449fa9e4d52-FRA

GET
H2 200 personalizadoverde.png
www.geradordefakenews.com/ 737 B
867 B 4806ms
4806ms Image
image/png 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geradordefakenews.com/personalizadoverde.png

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

109b319351e682be42616513c58cbed6f023235515e875fb80ef7dabc4d99d49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://www.geradordefakenews.com/
Origin: https://www.geradordefakenews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:51 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 28 Nov 2023 16:29:17 GMT
server: LiteSpeed
etag: "2e1-6566155d-fcfb086133e1d52b;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 737
expires: Tue, 05 Dec 2023 19:39:51 GMT

GET
H2 200 barra_redessociais.png
www.geradordefakenews.com/ 3 KB
4 KB 2956ms
2955ms Image
image/png 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geradordefakenews.com/barra_redessociais.png

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a125ab37275fe746604e8140ee6319c0ee56b4a7c3515ce837fa10264c73d866

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:52 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 11 Oct 2022 22:21:43 GMT
server: LiteSpeed
etag: "de7-6345ec77-9abe397b0cc19bb8;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3559
expires: Tue, 05 Dec 2023 19:39:52 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 915ms
126ms Script
application/javascript 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB3) /
Resource Hash: 9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 19:39:53 GMT
Content-Encoding: gzip
Age: 850
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27598
Last-Modified: Mon, 09 Oct 2023 20:29:49 GMT
Server: ECS (amb/6BB3)
Etag: "391b7fdf0c468036f27102529636f0ca+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
80 KB 207ms
207ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2QFH9Z28KW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-167879703-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2d84af6b6a5e5da91a00ec3a6069d761f1ebc232ee8a79b49fc35749e9084e5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 19:39:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 799ms
121ms Script
text/javascript 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-167879703-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 17:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6615
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 28 Nov 2023 19:49:38 GMT

GET
H2 200 html2canvas.min.js Show response
www.geradordefakenews.com/ 161 KB
38 KB 3443ms
3443ms Script
application/x-javascript 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/html2canvas.min.js

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/gerador.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

d2ca6269b778e4c7f46030aa5f03342143deeb77c06bd632856a6fa5e2e8bf1f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:52 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 11 Oct 2022 22:21:49 GMT
server: LiteSpeed
etag: "28411-6345ec7d-252f356a6965556e;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 38857
expires: Tue, 05 Dec 2023 19:39:52 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 796ms
130ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2QFH9Z28KW&gtm=45je3b81v9121905324&_p=1701200388804&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=584128364.1701200393&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1701200393&sct=1&seg=0&dl=https%3A%2F%2Fwww.geradordefakenews.com%2F&dt=Gerador%20de%20Fake%20News%20%7C%20Crie%20sua%20pegadinha&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5957
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2QFH9Z28KW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 797ms
129ms Ping
text/plain 64.233.166.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2QFH9Z28KW&cid=584128364.1701200393&gtm=45je3b81v9121905324&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2QFH9Z28KW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.166.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wm-in-f155.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
409 B 1151ms
168ms Image
image/gif 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2QFH9Z28KW&cid=584128364.1701200393&gtm=45je3b81v9121905324&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=218332615

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H2 200 / Show response
www.geradordefakenews.com/ 0
16 B 4897ms
4897ms XHR
text/html 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geradordefakenews.com/

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.2.34

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:53 GMT
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
platform: hostinger
x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8

GET
H2 200 /
www.geradordefakenews.com/ 3 KB
3 KB 4106ms
4106ms Image
text/html 62.72.62.250
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geradordefakenews.com/

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

62.72.62.250 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.2.34

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
x-powered-by: PHP/7.2.34
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
platform: hostinger
content-length: 28576

GET
H2 200 css
fonts.googleapis.com/ 2 KB
891 B 1166ms
446ms Stylesheet
text/css 142.250.186.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Quicksand:400,700

Requested by

Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/widget/Widget_2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f10.1e100.net

Software

ESF /

Resource Hash

83ef0e9bf00ac7014e3f83fdc9e9e5aec1760ab5495f086e95ea0b0f8f4467c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 19:39:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:28:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 19:39:54 GMT

GET
H2 200 cup-border.png
storage.ko-fi.com/cdn/ 6 KB
6 KB 387ms
387ms Image
image/webp 104.22.28.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.ko-fi.com/cdn/cup-border.png
Requested by: Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/widget/Widget_2.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.28.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 457554ad286ecf6fd5f5e79e6c883602d57638d50f96fb060f6edc19de027834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 28 Nov 2023 19:39:53 GMT
cf-cache-status: HIT
content-md5: nt+i2V4lVEX5fauLp9jhTw==
age: 1365
cf-polished: origFmt=png, origSize=11273
content-disposition: inline; filename="cup-border.webp"
content-length: 6016
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri,csam-hash
last-modified: Sun, 23 Oct 2022 21:56:48 GMT
server: cloudflare
etag: 0x8DAB5417C366016
vary: Accept
content-type: image/webp
access-control-allow-origin: *
x-ms-request-id: 32584885-f01e-0071-129f-146a09000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82d5145bfbd04d52-FRA

GET
H2 200 zone Show response
pertawee.net/ 912 B
1 KB 392ms
392ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pertawee.net/zone?pub=0&zone_id=4652689&is_mobile=false&domain=www.geradordefakenews.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

Requested by

Host: pertawee.net
URL: https://pertawee.net/ntfc.php?p=4652689

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

daee5d8a83958f33ba65664646c1647adcd2801f79acd030084dcccdadcb0806

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-trace-id: 98805e2ad35976e303af536487ff7df0
date: Tue, 28 Nov 2023 19:39:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geradordefakenews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 912

GET
H2 200 universal.min.js Show response
pertawee.net/pfe/current/ 86 KB
33 KB 1723ms
118ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/pfe/current/universal.min.js?v=3.1.471
Requested by: Host: pertawee.net
URL: https://pertawee.net/ntfc.php?p=4652689
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:54 GMT
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
server: nginx
etag: W/"6564d577-1572c"
content-type: application/javascript
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 sdk.js Show response
connect.facebook.net/pt_BR/ 297 KB
85 KB 125ms
125ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pt_BR/sdk.js?hash=a8aef0662006afb1b67a34b262bfa3c2

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_BR/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

13f720efc9a62c3294d50adfd32c2774015d95f603f47ce7f4e33e8b3a9eea21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.geradordefakenews.com/
Origin: https://www.geradordefakenews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 19:39:53 GMT
content-md5: ArXdLhkBoGLz9TcVmoDGcA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86927
reporting-endpoints
x-fb-debug: dF80vao8Pc0AmG5IaDMRVHoARXndeDp/UCQa9M4QuO3jzmXvarQaTv0/6CvIhfaKyAXU+XDrPQinQgw95mbUJQ==
x-fb-content-md5: cb41b7783eef0b2900d6c3c404e8d196
cross-origin-opener-policy: same-origin-allow-popups
etag: "a561c4e76dc41460242cb9c55a8cc91e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 27 Nov 2024 17:55:19 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
215 B 124ms
123ms XHR
text/plain 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1243635102&t=pageview&_s=1&dl=https%3A%2F%2Fwww.geradordefakenews.com%2F&ul=en-us&de=UTF-8&dt=Gerador%20de%20Fake%20News%20%7C%20Crie%20sua%20pegadinha&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=659215050&gjid=1885443385&cid=584128364.1701200393&tid=UA-167879703-1&_gid=104035056.1701200394&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=172053127

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geradordefakenews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
152 B 117ms
117ms XHR
text/plain 64.233.166.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-167879703-1&cid=584128364.1701200393&jid=659215050&gjid=1885443385&_gid=104035056.1701200394&_u=YADAAUAAAAAAACAAI~&z=1884447054

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geradordefakenews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 28 Nov 2023 19:39:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
409 B 810ms
175ms Image
image/gif 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-167879703-1&cid=584128364.1701200393&jid=659215050&_u=YADAAUAAAAAAACAAI~&z=2141242878

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.nl/ads/ 42 B
409 B 952ms
155ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-167879703-1&cid=584128364.1701200393&jid=659215050&_u=YADAAUAAAAAAACAAI~&z=2141242878

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Widget_2.js Show response
storage.ko-fi.com/cdn/widget/ 3 KB
1 KB 151ms
150ms Script
application/javascript 104.22.28.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/widget/Widget_2.js
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.28.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc8cc7536bf94d03004fa21c405a2281878fb1296a61a9dfeb55cc27a53c6ca1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 28 Nov 2023 19:39:54 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: OrvIUQF0Mg8EkV9ejBdWSw==
age: 1706
cf-polished: origSize=3628
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Mon, 24 Oct 2022 16:33:26 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a45caea3-001e-0020-2d15-1674fc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 82d51461bb7e4d52-FRA

GET
H2 200 17c0da55b4f8d3b7986f02c2fed6f2cc.js Show response
scripts.cleverwebserver.com/ 129 KB
47 KB 1914ms
308ms Script
application/javascript 104.18.42.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.cleverwebserver.com/17c0da55b4f8d3b7986f02c2fed6f2cc.js
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.42.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b80676dc5827ff7b235398e8c20c37adb9e85db1ccf0bcf4073b1231059477d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:59 GMT
x-amz-version-id: 9rxYIgb8jKBYYYQLImcggXTuNJ_KQg5V
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 23 Nov 2023 12:19:32 GMT
server: cloudflare
x-amz-request-id: G3WJ0JZHWKWETV4X
etag: W/"0fac2d3fec11a0f8331dce9ae6a0051a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=1800
cf-ray: 82d5147e2edc30e2-FRA
x-amz-id-2: YjpvK+DrUjU7E0HUpNIyOdp8VNjjB8c91xl2FxjY1s1Ox6IT5ahV59mz4xzs/EHkhPYCASO9Ses=
expires: Tue, 28 Nov 2023 20:09:59 GMT

GET
H2 200 whitelogo.svg
storage.ko-fi.com/cdn/ 2 KB
998 B 130ms
129ms Image
image/svg+xml 104.22.28.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.ko-fi.com/cdn/whitelogo.svg
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.28.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a97e2486e279a2b5bf69bcff95f7cb25134574da875dbbcf9404467749b21253

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 28 Nov 2023 19:39:57 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: NNxd8cik1auzYySPv5WiaQ==
age: 4621
x-ms-lease-status: unlocked
last-modified: Mon, 24 Oct 2022 16:33:26 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 1ee3cc30-201e-003c-27b0-0eaceb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 82d514741aa64d52-FRA

GET
H2 200 6xKtdSZaM9iE8KbpRA_hK1QN.woff2
fonts.gstatic.com/s/quicksand/v31/ 27 KB
28 KB 1039ms
390ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Quicksand:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

5a42c91e1ecc9b09346a1520d9a6f98074c13eebfb1cc87c4e82e5992beb685b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.geradordefakenews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:09 GMT
x-content-type-options: nosniff
age: 351286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28064
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:09 GMT

GET
H2 200 share_button.php Show response
www.facebook.com/v7.0/plugins/ Frame 34A8 43 KB
15 KB 863ms
256ms Document
text/html 157.240.252.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b71f7b3e11ed8%26domain%3Dwww.geradordefakenews.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.geradordefakenews.com%252Ff335c72d3a4a84c%26relation%3Dparent.parent&container_width=380&href=https%3A%2F%2Fwww.geradordefakenews.com%2F&layout=button_count&locale=pt_BR&sdk=joey&size=small

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_BR/sdk.js?hash=a8aef0662006afb1b67a34b262bfa3c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra3.facebook.com

Software

Resource Hash

564257effa3ffa937ae50f38094bb38b22ef920a221880ad6186741ca13862be

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geradordefakenews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 19:39:55 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v12.0
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 6h4htTxYIA4+BeO8WqhxwQ1lwAOIQ/y8Fdr6RSbgQETbDv2/3BNG9zGZdAOfHR/D9FYqrqvnPb6sSQzEFTFuEA==
x-xss-protection: 0

GET
H/1.1 200
OK widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html Show response
platform.twitter.com/widgets/ Frame 10B8 319 KB
104 KB 112ms
112ms Document
text/html 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.geradordefakenews.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BC0) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.geradordefakenews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1402612
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 19:39:54 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 09 Oct 2023 20:29:18 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BC0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 10B8 870 B
661 B 1797ms
219ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=a2aac2fd9ae0acd393d667652d73879bffaaf32d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.geradordefakenews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-response-time: 104
date: Tue, 28 Nov 2023 19:39:55 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 28 Nov 2023 19:39:56 GMT
server: tsa_f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 1a6ed11d72694bde
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: ac48be1ae1cffcfaf477a9abe7ae60149ecc68044f5a6daad7b79bc7cb81facc
content-length: 338

GET
H2 200 AxOFgCrBSAW.js Show response
static.xx.fbcdn.net/rsrc.php/v3iM-F4/yb/l/pt_BR/ Frame 34A8 528 KB
136 KB 758ms
128ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iM-F4/yb/l/pt_BR/AxOFgCrBSAW.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v7.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b71f7b3e11ed8%26domain%3Dwww.geradordefakenews.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.geradordefakenews.com%252Ff335c72d3a4a84c%26relation%3Dparent.parent&container_width=380&href=https%3A%2F%2Fwww.geradordefakenews.com%2F&layout=button_count&locale=pt_BR&sdk=joey&size=small

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

f0f442614ee2dab67238571450343c088409e396b7cfdbbf79b1181bd2c94716

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:56 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: VaYHIKZes9t6EQrZvo0n5w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 139227
reporting-endpoints
x-fb-debug: PiYeabh+SeeiHPMI17eZ2cqPmEGYCIYc+62G4wpPXPwjTKOhvuBXbEOXWP2Jx4d5w/lQFCK/PV+VWAvWNV6sdg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 22 Nov 2024 00:26:14 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 34A8 272 B
907 B 709ms
126ms Image
image/png 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:56 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
reporting-endpoints
x-fb-debug: 78EGKFOam4XgdIyDua4iDPkwksBVVBHj2LP8ttpXJ2efRC0IDimkumJq+quxhUOKDku4cQKr33WDWhJ2N+U1jg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 16 Nov 2024 04:22:45 GMT

OPTIONS
H2 200 custom
pertawee.net/ Frame 0
0 114ms
114ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.geradordefakenews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.geradordefakenews.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 28 Nov 2023 19:39:55 GMT
server: nginx

POST
H2 200 custom Show response
pertawee.net/ 39 B
339 B 100ms
100ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pertawee.net/custom

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geradordefakenews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: e575c8417131f97fd0063f01feec1d37
date: Tue, 28 Nov 2023 19:39:55 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geradordefakenews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
552 B 478ms
120ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=0f8ba009eb2146208ec3d2602c54e3b2&zoneId=4652689&checkDuplicate=true&ymid=&var=

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8611febe738d64132053099c63a9eb44ca1192cba309ade978a2dc29f6f5f421

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:56 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geradordefakenews.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 defaultSkin.min.js Show response
pertawee.net/pfe/current/ 56 KB
19 KB 244ms
244ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/pfe/current/defaultSkin.min.js
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 19:39:56 GMT
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
server: nginx
etag: W/"6564d577-df63"
content-type: application/javascript
access-control-allow-origin: https://www.geradordefakenews.com
cache-control: no-cache
access-control-allow-credentials: true

GET
DATA 200
OK truncated
/ Frame 6E8E 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 200 custom
pertawee.net/ Frame 0
0 106ms
106ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.geradordefakenews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.geradordefakenews.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 28 Nov 2023 19:39:56 GMT
server: nginx

POST
H2 200 custom Show response
pertawee.net/ 39 B
339 B 121ms
121ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pertawee.net/custom

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geradordefakenews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: c23b66e230974d8c082ee59a2f6f23bc
date: Tue, 28 Nov 2023 19:39:56 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geradordefakenews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H/1.1 200
OK button.13c48d2966337fafa1c1eb5533fdf29d.js Show response
platform.twitter.com/js/ 8 KB
3 KB 128ms
128ms Script
application/javascript 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.13c48d2966337fafa1c1eb5533fdf29d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB3) /
Resource Hash: fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 19:39:57 GMT
Content-Encoding: gzip
Age: 4316851
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2617
Last-Modified: Mon, 09 Oct 2023 20:29:15 GMT
Server: ECS (amb/6BB3)
Etag: "def6f3052007521ae22a38b870dfd318+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.d37472b4a6622d0b1fff46ad904f6896.pt.html Show response
platform.twitter.com/widgets/ Frame 3FC3 34 KB
13 KB 114ms
114ms Document
text/html 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.d37472b4a6622d0b1fff46ad904f6896.pt.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB3) /
Resource Hash: 27fe80505abd206cb08322a483eb9e65320ca791c349975609fd91400903ed0f

Request headers

Referer: https://www.geradordefakenews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4316466
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12857
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 19:39:57 GMT
Etag: "e4a559b723aae8f4dfe718abb20b1099+gzip"
Last-Modified: Mon, 09 Oct 2023 20:29:17 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BB3)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
152 B 268ms
267ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.geradordefakenews.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22pt%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1701200397541%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2201917f4d1d4cb%3A1696883169554%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=a2aac2fd9ae0acd393d667652d73879bffaaf32d

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-response-time: 105
date: Tue, 28 Nov 2023 19:39:56 GMT
strict-transport-security: max-age=631138519
last-modified: Tue, 28 Nov 2023 19:39:57 GMT
server: tsa_f
vary: Origin
content-type: image/gif
x-transaction-id: e118136546d61911
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: ac48be1ae1cffcfaf477a9abe7ae60149ecc68044f5a6daad7b79bc7cb81facc
content-length: 43

GET
DATA 200
OK truncated
/ Frame 3FC3 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
ui.cleverwebserver.com/ 160 B
383 B 134ms
133ms Script
application/javascript 104.18.42.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ui.cleverwebserver.com/
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.42.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dee10f44b805a90a3bed348209715380560020d1d73dac318de6bb1b985f03bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 82d51481fb7230e2-FRA
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization

GET
H2 200 /
call.cleverwebserver.com/ 43 B
105 B 156ms
155ms Image
image/gif 104.18.42.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://call.cleverwebserver.com/?id=54411&c=DE&r=HE&l=135&b=Chrome&os=Win10&mob=0&v=1.58.1&ref=aHR0cHM6Ly93d3cuZ2VyYWRvcmRlZmFrZW5ld3MuY29tLw%3D%3D&ruri=&iv=-1&ctr=DE&sz=1200
Requested by: Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.42.100 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.geradordefakenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:39:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82d51482dc8e30e2-FRA
content-length: 43
content-type: image/gif

POST
H2 200 custom Show response
pertawee.net/ 39 B
338 B 108ms
108ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pertawee.net/custom

Requested by

Host: www.geradordefakenews.com
URL: https://www.geradordefakenews.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geradordefakenews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: cd05c5690d7e0cc417d9779447907a78
date: Tue, 28 Nov 2023 19:40:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geradordefakenews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

OPTIONS
H2 200 custom
pertawee.net/ Frame 0
0 393ms
392ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pertawee.net/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.geradordefakenews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.geradordefakenews.com
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 28 Nov 2023 19:40:00 GMT
server: nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.geradordefakenews.com/	1970-01-21 02:09:20	Name: _ga_2QFH9Z28KW Value: GS1.1.1701200393.1.0.1701200393.60.0.0
.geradordefakenews.com/	1970-01-21 02:09:20	Name: _ga Value: GA1.2.584128364.1701200393
.geradordefakenews.com/	1970-01-20 16:34:46	Name: _gid Value: GA1.2.104035056.1701200394
.geradordefakenews.com/	1970-01-20 16:33:20	Name: _gat_gtag_UA_167879703_1 Value: 1
my.rtmark.net/	1970-01-21 01:18:56	Name: ID Value: 0f8ba009eb2146208ec3d2602c54e3b2
www.geradordefakenews.com/	1970-01-20 17:16:32	Name: clever-last-tracker-54411 Value: 0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
security	warning	Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
call.cleverwebserver.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
my.rtmark.net
pertawee.net
platform.twitter.com
region1.analytics.google.com
scripts.cleverwebserver.com
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.ko-fi.com
syndication.twitter.com
ui.cleverwebserver.com
www.facebook.com
www.geradordefakenews.com
www.google-analytics.com
www.google.com
www.google.de
www.google.nl
www.googletagmanager.com
104.17.25.14
104.18.42.100
104.22.28.80
104.244.42.72
139.45.195.8
139.45.197.251
142.250.184.196
142.250.185.106
142.250.185.67
142.250.185.72
142.250.186.138
142.250.74.195
157.240.252.13
157.240.252.35
172.217.16.195
216.239.32.36
216.239.36.178
62.72.62.250
64.233.166.155
93.184.220.66
0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42
109b319351e682be42616513c58cbed6f023235515e875fb80ef7dabc4d99d49
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
13f720efc9a62c3294d50adfd32c2774015d95f603f47ce7f4e33e8b3a9eea21
27fe80505abd206cb08322a483eb9e65320ca791c349975609fd91400903ed0f
2d84af6b6a5e5da91a00ec3a6069d761f1ebc232ee8a79b49fc35749e9084e5a
3b873dfa21ab70a40e6928888eb9abb76463d8edebc1f85bf8c5f795ca69e081
43620d4167eed0aae2c452914018932e583aef5579f88ce738766f5cbfd5cb7f
457554ad286ecf6fd5f5e79e6c883602d57638d50f96fb060f6edc19de027834
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
564257effa3ffa937ae50f38094bb38b22ef920a221880ad6186741ca13862be
5a42c91e1ecc9b09346a1520d9a6f98074c13eebfb1cc87c4e82e5992beb685b
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b23e3a7155161323573e58616ff1bfdaffd0560483db31315d181f6b394ddd5
83ef0e9bf00ac7014e3f83fdc9e9e5aec1760ab5495f086e95ea0b0f8f4467c3
84e7cadaf752f5b308495cc51fdafad5449aa921d7bb5a79acab09d40eaafd50
8611febe738d64132053099c63a9eb44ca1192cba309ade978a2dc29f6f5f421
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
90e2de529ed31ec95641f37530396ff54eb18345a6098a0351fe1048a681e55b
9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182
a125ab37275fe746604e8140ee6319c0ee56b4a7c3515ce837fa10264c73d866
a1d34b0ceaf5ff187d50d8bbba23e0f783afd118c999a3d9d2fb6668452155d4
a97e2486e279a2b5bf69bcff95f7cb25134574da875dbbcf9404467749b21253
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad3995ed8857c7c6c71609fb70c4c77bc564d9279424bc5b9945134720730d24
b80676dc5827ff7b235398e8c20c37adb9e85db1ccf0bcf4073b1231059477d3
bc74adc7f730c185a4218ad2c993e34da92376e1cc7484ce24ab299e9dc89f27
bc8cc7536bf94d03004fa21c405a2281878fb1296a61a9dfeb55cc27a53c6ca1
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
d2ca6269b778e4c7f46030aa5f03342143deeb77c06bd632856a6fa5e2e8bf1f
daee5d8a83958f33ba65664646c1647adcd2801f79acd030084dcccdadcb0806
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de91c27ad558aa3d85825d6c72cf89a6a18e68bad5d9978196bd3bd3b6df0121
dee10f44b805a90a3bed348209715380560020d1d73dac318de6bb1b985f03bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed555a279183c054222c873e78d92c40b512498e49359b6abfda36048f141988
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f442614ee2dab67238571450343c088409e396b7cfdbbf79b1181bd2c94716
fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

www.geradordefakenews.com Open in urlscan Pro 62.72.62.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

53 Requests

100 %HTTPS

0 %IPv6

18 Domains

23 Subdomains

21 IPs

4 Countries

997 kBTransfer

2726 kBSize

6 Cookies

2 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.geradordefakenews.com Open in urlscan Pro
62.72.62.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

0 %
IPv6

18
Domains

23
Subdomains

21
IPs

4
Countries

997 kB
Transfer

2726 kB
Size

6
Cookies

53 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!