www.njrat.net Open in urlscan Pro
2404:6800:4006:80a::2013 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.njrat.net/
Effective URL:
https://www.njrat.net/
Submission: On December 19 via api (December 19th 2024, 10:00:52 am UTC) from US — Scanned from AU

Summary HTTP 76 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 15 domains to perform 76 HTTP transactions. The main IP is 2404:6800:4006:80a::2013, located in Sydney, Australia and belongs to GOOGLE, US. The main domain is www.njrat.net.
TLS certificate: Issued by WR3 on November 1st 2024. Valid for: 3 months.

This is the only time www.njrat.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2404:6800:400... 2404:6800:4006:80a::2013	15169 (GOOGLE) (GOOGLE)
3	2404:6800:400... 2404:6800:4006:80a::2001	15169 (GOOGLE) (GOOGLE)
6	142.250.66.194 142.250.66.194	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::69 2620:1ec:bdf::69	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
24	2404:6800:400... 2404:6800:4006:809::2001	15169 (GOOGLE) (GOOGLE)
4	142.250.66.195 142.250.66.195	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:ba1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4006:814::200a	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4006:804::2009	15169 (GOOGLE) (GOOGLE)
2	157.240.8.23 157.240.8.23	32934 (FACEBOOK) (FACEBOOK)
7	142.250.71.66 142.250.71.66	15169 (GOOGLE) (GOOGLE)
3	51.8.44.252 51.8.44.252	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2404:6800:400... 2404:6800:4006:809::200e	15169 (GOOGLE) (GOOGLE)
12	142.251.221.78 142.251.221.78	15169 (GOOGLE) (GOOGLE)
1 2	20.125.62.241 20.125.62.241	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.66.228 142.250.66.228	15169 (GOOGLE) (GOOGLE)
76	18

2 2404:6800:4006:80a::2013 (Sydney, Australia)

ASN15169 (GOOGLE, US)

www.njrat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4006:80a::2001 (Sydney, Australia)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.66.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::69 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2404:6800:4006:809::2001 (Sydney, Australia)

ASN15169 (GOOGLE, US)

blogger.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.66.195 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ba1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:814::200a (Sydney, Australia)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:804::2009 (Sydney, Australia)

ASN15169 (GOOGLE, US)

www.blogger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.8.23 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-syd2.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.71.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.8.44.252 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

f.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4006:809::200e (Sydney, Australia)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.221.78 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.125.62.241 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.66.228 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	googleusercontent.com blogger.googleusercontent.com — Cisco Umbrella Rank: 10221	139 KB
15	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695 www.google.com — Cisco Umbrella Rank: 3	76 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 625 f.clarity.ms — Cisco Umbrella Rank: 12256 c.clarity.ms — Cisco Umbrella Rank: 1269	31 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
6	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	281 KB
4	gstatic.com fonts.gstatic.com	81 KB
3	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	77 KB
2	njrat.net www.njrat.net	71 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 205	770 B
1	blogger.com www.blogger.com — Cisco Umbrella Rank: 12722	51 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 415	34 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3370	76 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	111 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 527	8 KB
76	15

	Domain	Requested by
24	blogger.googleusercontent.com	www.njrat.net
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
6	pagead2.googlesyndication.com	www.njrat.net pagead2.googlesyndication.com
4	fonts.gstatic.com	www.njrat.net
3	f.clarity.ms	www.clarity.ms
2	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google
2	c.clarity.ms	1 redirects
2	connect.facebook.net	www.njrat.net connect.facebook.net
2	www.clarity.ms	www.njrat.net www.clarity.ms
2	www.njrat.net
1	www.google.com	ep2.adtrafficquality.google
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	c.bing.com	1 redirects
1	www.blogger.com	www.njrat.net
1	ajax.googleapis.com	www.njrat.net
1	stackpath.bootstrapcdn.com	www.njrat.net
1	cdn.jsdelivr.net	www.njrat.net
1	cdn.ampproject.org	www.njrat.net
76	19

This site contains links to these domains. Also see Links.

Domain
njrat.net
twitter.com
www.instagram.com
www.pinterest.com
www.blogger.com
www.bloglovin.com

Subject Issuer	Validity	Valid
www.njrat.net WR3	`2024-11-01` - `2025-01-30`	3 months	crt.sh
misc-sni.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.googleusercontent.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
bootstrapcdn.com WE1	`2024-11-18` - `2025-02-16`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.blogger.com WE2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-27` - `2024-12-26`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
adtrafficquality.google WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.njrat.net/
Frame ID: 3D51BBFB0429012985D9C6C045DFD0B4
Requests: 68 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html
Frame ID: D8BF0B452D90129DE3FE2287177246A4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2659198279613193&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1733475023&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602445575&bpp=4&bdt=539&idt=419&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=7529343836183&frm=20&pv=2&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=457
Frame ID: 8C38225053B44D03529C18A78E0F510E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2659198279613193&output=html&h=280&slotname=1754907781&adk=239741177&adf=3347520083&pi=t.ma~as.1754907781&w=1069&abgtt=6&fwrn=4&fwrnh=100&lmt=1733475023&rafmt=1&format=1069x280&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602445579&bpp=3&bdt=544&idt=479&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=7529343836183&frm=20&pv=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=386&ady=135&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=487
Frame ID: AD01FABA637B29C0F108C7F222F974EE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&gpp_sid=-1&client=ca-pub-2659198279613193&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.110265673~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1733475023&rafmt=1&to=qs&pwprc=2271790077&format=1200x280&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602447633&bpp=1&bdt=2598&idt=-M&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da64e92779bcf07a0%3AT%3D1734602446%3ART%3D1734602446%3AS%3DALNI_Mb3fqYV6fRiSLRt_sYYHiUIbRoqxw&gpic=UID%3D00000facd8466cb1%3AT%3D1734602446%3ART%3D1734602446%3AS%3DALNI_MZUdX4YbYhIhlrcq-XOUSErTGDAlQ&eo_id_str=ID%3D816bd3468ecd8481%3AT%3D1734602446%3ART%3D1734602446%3AS%3DAA-AfjbSzjqAWdMifeofrkEqcbAn&prev_fmts=0x0%2C1069x280&nras=2&correlator=7529343836183&frm=20&pv=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1663&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&psts=AOrYGskYKt-P0QyB0brSTnfdkhuS6JG4uKbwkWyiO78od0OJILOXKmZrLiZZBvSdhKnPBO5gdjOvgzXfupzMez7BpicivGbo&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=671
Frame ID: A045CDAFF76F54275AB3FD050B799AF7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html
Frame ID: 65EA56FDDB76B3800F20047EF9ED1B26
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html
Frame ID: 6F2C346E569E7EE727219C2D84CD78B4
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: CEA84C57C676274E5E574C6719ADD24A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 88772E2272D6647B8481EBA00A0FA643
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

njrat official website

Page URL History Show full URLs

http://www.njrat.net/ HTTP 307
https://www.njrat.net/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

76
Requests

95 %
HTTPS

50 %
IPv6

15
Domains

19
Subdomains

18
IPs

3
Countries

1056 kB
Transfer

2557 kB
Size

17
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://njrat.net/p/about.html
Title: Disclaimer

Search URL Search Domain Scan URL

URL: https://twitter.com/NjRAT5552

Search URL Search Domain Scan URL

URL: https://www.instagram.com/njrat5552/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/njrat1177/

Search URL Search Domain Scan URL

URL: https://njrat.net/p/contact-us.html
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.blogger.com/profile/09758564865592312536
Title: njrat official website

Search URL Search Domain Scan URL

URL: https://www.bloglovin.com/blog/21570488/?claim=938msenfdq7
Title: Follow my blog with Bloglovin

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.njrat.net/ HTTP 307
https://www.njrat.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&RedC=c.clarity.ms&MXFR=0832BA5105F16312118EAF0B01F16D14 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&MUID=34701527B4BF6A623C03007DB57C6BAC

76 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.njrat.net/
Redirect Chain

http://www.njrat.net/
https://www.njrat.net/

448 KB
69 KB

1486ms
720ms

Document
text/html

2404:6800:4006:80a::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2013 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ea10c30e79f2497b55ec87931438ff0bceb63f5e75a1256c7830a4f28438d0a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=0
content-encoding: gzip
content-length: 70694
content-type: text/html; charset=UTF-8
date: Thu, 19 Dec 2024 10:00:44 GMT
etag: W/"d58378283b05adab383b4f41ac7ed892f6869cde065a1e59845c1acb5513ab38"
expires: Thu, 19 Dec 2024 10:00:44 GMT
last-modified: Fri, 06 Dec 2024 08:50:23 GMT
server: GSE
x-content-type-options: nosniff
x-robots-tag: all,noodp
x-xss-protection: 1; mode=block

Redirect headers

Location: https://www.njrat.net/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 amp-auto-ads-0.1.js Show response
cdn.ampproject.org/v0/ 25 KB
8 KB 588ms
195ms Script
text/javascript 2404:6800:4006:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-auto-ads-0.1.js

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7081f13bd2b731be9939ee98b694ef7947ec8a9c9d0e2720de82ae94ea3d2f9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: br
etag: "39c0e3c887673e82"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:00:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: private, max-age=604800, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 7573
x-xss-protection: 0
server: sffe

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 157 KB
52 KB 416ms
221ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2659198279613193

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

a74e13f0f3abe3e773d4934d2764f7e789551d0046fb4e23a6672f70a5c26c16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

content-encoding: br
etag: 3088292339598030965
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:00:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53492
x-xss-protection: 0
server: cafe

GET
H2 200 lszb6za8ro Show response
www.clarity.ms/tag/ 689 B
1 KB 766ms
491ms Script
application/x-javascript 2620:1ec:bdf::69
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/lszb6za8ro
Requested by: Host: www.njrat.net
URL: https://www.njrat.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::69 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 1cbb3a858083cc60e0c795fcc2bab05320c6c7f235e2a8b45c00b24c4824fe5a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 689
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: application/x-javascript
x-azure-ref: 20241219T100045Z-15bc9fd5b7d9fcfvhC1MELtzbs00000008e0000000005yrs

GET
H2 200 AVvXsEgm_mArvYjCUmERu3-E3VMPmGoSGBwb_4UVAgRuuxO2x8Gy9TV5jklvIEucRBAUeakeKgoTR__4MCUXvR-67NRNWAau5N2QiNpUkm1IqTe2qaD-FI6ckWKoa6LPOAmRgjA08KqAcWUkdLjHVbyWwfuBLIyhVvZzLYDYzGBYBnpaPC-oBdgaN1E3KxiNlZ9C=...
blogger.googleusercontent.com/img/a/ 6 KB
6 KB 1422ms
1128ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/a/AVvXsEgm_mArvYjCUmERu3-E3VMPmGoSGBwb_4UVAgRuuxO2x8Gy9TV5jklvIEucRBAUeakeKgoTR__4MCUXvR-67NRNWAau5N2QiNpUkm1IqTe2qaD-FI6ckWKoa6LPOAmRgjA08KqAcWUkdLjHVbyWwfuBLIyhVvZzLYDYzGBYBnpaPC-oBdgaN1E3KxiNlZ9C=s180

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

82eb49f51b580c387c63d9239096f02987a4eabf0259deb0d8959325fcd4e3b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v2a"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6543
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Untitled.png"

GET
H2 200 macos-bg.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0TLw0DbSmSEkVm13eAH0g-nqXkVy9ce7f18X38W5hNE89eV2duhXGpaZXz9qQt-P1mc_Mnd1e2wiY32Ky7RiTimmrYv8B6745vkady0gCpg-ivtrxzEn1LzvJTNTggupoEWVw7s8evygwOIbr... 38 KB
38 KB 1132ms
840ms Image
image/jpeg 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0TLw0DbSmSEkVm13eAH0g-nqXkVy9ce7f18X38W5hNE89eV2duhXGpaZXz9qQt-P1mc_Mnd1e2wiY32Ky7RiTimmrYv8B6745vkady0gCpg-ivtrxzEn1LzvJTNTggupoEWVw7s8evygwOIbrlYO60KMBsXMpGJFehsPYUhzvdyJU0D_ajMHGYh6o/s16000/macos-bg.jpg

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56b777d781db5a91e3bf97bf76748b4bdca535ee170ea8cda970a4a5ed6f48b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v31c5"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38812
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/jpeg
vary: Origin
server: fife
content-disposition: inline;filename="macos-bg.jpg"

GET
H3 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 291ms
98ms Font
font/woff2 142.250.66.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f3.1e100.net

Software

sffe /

Resource Hash

023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

age: 403992
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 17:47:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Dec 2024 17:47:33 GMT
last-modified: Thu, 10 Sep 2020 17:04:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20444
x-xss-protection: 0
server: sffe

GET
H2 200 remixicon.woff2
cdn.jsdelivr.net/npm/remixicon@2.3.0/fonts/ 110 KB
111 KB 166ms
58ms Font
font/woff2 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/remixicon@2.3.0/fonts/remixicon.woff2?t=1580819880586

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

556eb85f60368837347be3b840f6c4542ddcd71d23436f449d945321b92f0bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: *
cf-cache-status: HIT
etag: W/"1b9b0-Frx30xgHi0GN5CYGIBPDAyItbeQ"
age: 4879493
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaIR1%2FWn4iNVvS7a8dZgNyUL5avrfwEj4WwMs8VT%2FllXIm50ETrrVMKmzPC7baHW0Z44G%2FLKGOVh8afhA49DhithsfhVCa4MCdkwcvzkcJWxFgiRPjNmYQyr5MP1rMaHrfBUUuLurk2dLXzjesM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: font/woff2
x-served-by: cache-fra-eddf8230052-FRA, cache-lga21975-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f468c22e8d487b6-PER
accept-ranges: bytes
access-control-allow-origin: *
content-length: 113072
server: cloudflare
x-jsd-version: 2.3.0

GET
H3 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 452ms
397ms Font
font/woff2 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

cdn-status: 200
cf-cache-status: HIT
etag: "af7ae505a9eed503f8b8e6982036873e"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: font/woff2
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 09/26/2024 10:53:46
cdn-cache: HIT
cdn-requestpullcode: 200
priority: u=0,i=?0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-requesttime: 0
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 3deb08f531ddbc461f7e569ea9c0ee7b
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.04
cf-ray: 8f468c229ab6866a-PER
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77160
cdn-edgestorageid: 1114
server: cloudflare
cdn-requestcountrycode: US

GET
H3 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 366ms
173ms Font
font/woff2 142.250.66.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f3.1e100.net

Software

sffe /

Resource Hash

bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

age: 387571
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 22:21:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Dec 2024 22:21:14 GMT
last-modified: Thu, 10 Sep 2020 17:07:49 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20348
x-xss-protection: 0
server: sffe

GET
H3 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 21 KB
21 KB 331ms
138ms Font
font/woff2 142.250.66.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f3.1e100.net

Software

sffe /

Resource Hash

4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

age: 386553
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 22:38:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Dec 2024 22:38:12 GMT
last-modified: Thu, 10 Sep 2020 17:05:19 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21080
x-xss-protection: 0
server: sffe

GET VB.NET%20Strong%20Crypter%20Avoids%20WD.PNG
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbovM1Pp40H4Rksj4mXDBGw86EiHzcaDVOVqAs-ZqbzeH5xpSKJCozkfYWOD9fvoJoGRFVk5Ta8fvY8g8h5qpgsQ7mNn6McmzB04bePU2pr9dRtZoE-AkW-P9I2GcWjd-hLtjoKLRPENsW5JGL... 0
0

GET
H2 200 SVCHOST%20INJECTOR%202025.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilF8tLnA2MOpt430hM0rGCPWwvJcT7-Yw9ib20aLkykH_FF31VFyMpXa-OIRjlDQ56zhgZpfPsdr8RQrqxzT3oo0Ok3TpgVMAVI3uHycjQ3A-_NjpP_dxrEhbntmhbtMqOVTyHYnUE1E701nqS... 6 KB
6 KB 1332ms
1056ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilF8tLnA2MOpt430hM0rGCPWwvJcT7-Yw9ib20aLkykH_FF31VFyMpXa-OIRjlDQ56zhgZpfPsdr8RQrqxzT3oo0Ok3TpgVMAVI3uHycjQ3A-_NjpP_dxrEhbntmhbtMqOVTyHYnUE1E701nqSs7404kmxIlBsX6qY2yf5jv9mg4OxlwiKXxM-T1gtUZiP/w72-h72-p-k-no-nu/SVCHOST%20INJECTOR%202025.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f8b175234d05b72c5d5cfd5cefa8da032d01185dfd9a05f043edc6d4c35942df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v11b"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6129
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="SVCHOST INJECTOR 2025.png"

GET
H2 200 Crypter%20Server%20NjRAT%202025.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEillY4NrsKEB_E5sMVy52vGGPNkAdH92tA9le9C9nzhFsu-tFVeBys0iiVX9v0gaGJozZxz0n2uhQSQQlttSwDkC2pzWIMMr8FbN55bahP3vFXwFNO1ZMXLyfTAYCvnZ-UyhnMJvimxazqRAh7u... 4 KB
4 KB 1371ms
1096ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEillY4NrsKEB_E5sMVy52vGGPNkAdH92tA9le9C9nzhFsu-tFVeBys0iiVX9v0gaGJozZxz0n2uhQSQQlttSwDkC2pzWIMMr8FbN55bahP3vFXwFNO1ZMXLyfTAYCvnZ-UyhnMJvimxazqRAh7uPnm0varEcTlMwdIZ17NVUrUbS4JiKB7BegKus5EEfI3C/w72-h72-p-k-no-nu/Crypter%20Server%20NjRAT%202025.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c050deedbcf91679957f19e03f21cf4106b6b22feb9414492418dd413955e8ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vf9"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4328
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Crypter Server NjRAT 2025.png"

GET
H2 200 Rat%208.1%20Blue%20Eagle%20Shades%20+%20Tutorial.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDHB-krSktaafCW5KOK6Dorbzcl9-4uAa-nZGDn-ANgD9nA2qs4grSfi_vLfZ6WsBMpog4FDUGb_rHVv8TpHRRwGwhL0xfxTApLAnUKEAFdnWVkFF0q6GO2WNKVENSi48ZgrjJ8TLhbSm0dTh6... 6 KB
6 KB 1451ms
1176ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDHB-krSktaafCW5KOK6Dorbzcl9-4uAa-nZGDn-ANgD9nA2qs4grSfi_vLfZ6WsBMpog4FDUGb_rHVv8TpHRRwGwhL0xfxTApLAnUKEAFdnWVkFF0q6GO2WNKVENSi48ZgrjJ8TLhbSm0dTh6KVEhJz8Lgm4AptmoIGVp66gHfLO5ynvDfHXP5075HR1t/w72-h72-p-k-no-nu/Rat%208.1%20Blue%20Eagle%20Shades%20+%20Tutorial.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6de220a6e860b1594f779540b63bf25bb1efc1024ba95579e2ea8918c95c3fef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vec"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5806
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Rat 8.1 Blue Eagle Shades + Tutorial.png"

GET
H2 200 The%20Android%20Remote%20Administration%20Tool,%20DroidJack%20v4.4.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnvKBkwJk7tgOTsFzFhbQh81oaNkPZbjey-NNfRuT1C53a6Ufq7qNGDGfggwLJV0yODN_kNuzBVfgth5tnuSvyvw4iAfFMI0BrMug46jARQ0Wtq-rTAWGd9nJFf4h4bBjVFhDZ-d9OaxcaMbv3... 8 KB
8 KB 1638ms
1371ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnvKBkwJk7tgOTsFzFhbQh81oaNkPZbjey-NNfRuT1C53a6Ufq7qNGDGfggwLJV0yODN_kNuzBVfgth5tnuSvyvw4iAfFMI0BrMug46jARQ0Wtq-rTAWGd9nJFf4h4bBjVFhDZ-d9OaxcaMbv3pGyYuyQ1qYakZmdQNXf_MvljDMid6PA4a67p98sn5xiX/w72-h72-p-k-no-nu/The%20Android%20Remote%20Administration%20Tool,%20DroidJack%20v4.4.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e61b80ce652526a17cc33b5e3e590752e70639d79faae65ee62483c594b02a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "ve7"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7986
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="The Android Remote Administration Tool, DroidJack v4.4.png"

GET
H2 200 Download%20craxs%20rat.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEht7YCZXW2Wtwl9uMnufknq02jRNFcvN6JpFAwnStIGWnKfwTMQm6wf7LCOQhbViSK-tkkmfdSlubpji4WJ4eu6H4i8d1Ar5M6ytV-c4UtlPkdYmUBv_9h0EpF6pl_H8qMXsLe41H48SjbMtoC7... 8 KB
8 KB 1415ms
1148ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEht7YCZXW2Wtwl9uMnufknq02jRNFcvN6JpFAwnStIGWnKfwTMQm6wf7LCOQhbViSK-tkkmfdSlubpji4WJ4eu6H4i8d1Ar5M6ytV-c4UtlPkdYmUBv_9h0EpF6pl_H8qMXsLe41H48SjbMtoC7E-OGOJYCT14uQQ3heWXysC-i6wvy6sWYnOxdYrXMUb7_/w72-h72-p-k-no-nu/Download%20craxs%20rat.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

811927af1a3813b07b631bce93d9020fb086d89ca9066c565ae85051a92d3424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "ve0"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8290
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Download craxs rat.png"

GET
H2 200 MaskCrypter%20Agent%202025.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2G82rLXfCl-oZp1AzxDJC-SYt2BWHQMo13tt7T_aaNovC28SIayRF-hFFZ77AKQfsM40900gYSy3s5Hu45__kfEJVsHUzAWDImw_i5N76Zc2gOSbHcdD9-kckSlLnnSw62NQkPI61cPEj0wvk... 5 KB
5 KB 1644ms
1377ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2G82rLXfCl-oZp1AzxDJC-SYt2BWHQMo13tt7T_aaNovC28SIayRF-hFFZ77AKQfsM40900gYSy3s5Hu45__kfEJVsHUzAWDImw_i5N76Zc2gOSbHcdD9-kckSlLnnSw62NQkPI61cPEj0wvk0TaK4JY4RSKStpf4vw1SwEkr-X3aN91ebxbXEUzoQl2y/w72-h72-p-k-no-nu/MaskCrypter%20Agent%202025.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

723aa71f12cd6dd309f010b66d24d6b834303bebb91a9361861064d2da57a8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vcf"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4644
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="MaskCrypter Agent 2025.png"

GET
H2 200 njrat%20official%20website%20Crypter%20by%20njrat.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVD... 4 KB
4 KB 1649ms
1382ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVDj1onClheIi0P3EDuJvlcTggRMRoGUN3rIvJR9x9Xi0e8/w72-h72-p-k-no-nu/njrat%20official%20website%20Crypter%20by%20njrat.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

72e50149514cc607393f99a201d3f9fe343ff9e43d9a811e4caf1e7aae17583d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vba"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4310
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="njrat official website Crypter by njrat.png"

GET Download%20NET-Crypter.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyGZJ_7wuuMI5ExDliGqQYZJ5-YZr_Dy59CF9XuwkDHtfy7qHxIJHxte4rtEu13jvyRryhNBFbp8-PJIIh_pxFHQFjsOfnpUv9hEpU_ZW2PpFABk8IOtAobn5uJNeufCPGX403BWHBwdBXdpgy... 0
0

GET
H2 200 Crypter%202024.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBNKgb1DWYLldKEhC7KPViQGb37IiB4qNhyphenhyphenoeuOCYaSOYaeTWdX4Lp1GL2_SgxuYDiG19ITktGXix0t4UF8SYDs64b1Hn-_fnAJ7jn8V8y3MZBlxKXLgkpTsNyGdH1d8VkGJ5J4D... 5 KB
5 KB 1368ms
1101ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBNKgb1DWYLldKEhC7KPViQGb37IiB4qNhyphenhyphenoeuOCYaSOYaeTWdX4Lp1GL2_SgxuYDiG19ITktGXix0t4UF8SYDs64b1Hn-_fnAJ7jn8V8y3MZBlxKXLgkpTsNyGdH1d8VkGJ5J4Df3Vd8Y_bZWRE8gK2yVntswHHH35ky5xVLng0Q65fgXQAl_MPWXkpW3/w72-h72-p-k-no-nu/Crypter%202024.png

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

09af0ad72e0613ec9510e9186fa256c08b303343395ae48b6a56222127ba8c1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v9c"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4770
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Crypter 2024.png"

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 389ms
98ms Script
text/javascript 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
age: 387546
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 22:21:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Dec 2024 22:21:39 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33951
x-xss-protection: 0
server: sffe

GET
H3 200 7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 21 KB
21 KB 285ms
103ms Font
font/woff2 142.250.66.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E30-8s51os.woff2

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f3.1e100.net

Software

sffe /

Resource Hash

46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

age: 387321
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 22:25:24 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Dec 2024 22:25:24 GMT
last-modified: Thu, 10 Sep 2020 17:05:33 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21072
x-xss-protection: 0
server: sffe

GET
H2 200 3194816290-widgets.js Show response
www.blogger.com/static/v1/widgets/ 144 KB
51 KB 391ms
98ms Script
text/javascript 2404:6800:4006:804::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/3194816290-widgets.js

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:804::2009 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce820e52727f38b545fbec6e11b7f80b8cf1f3e4157eb6199eea4fba676b9d49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
age: 115330
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 01:58:35 GMT
alt-svc: h3=":443"; ma=2592000
date: Wed, 18 Dec 2024 01:58:35 GMT
last-modified: Tue, 17 Dec 2024 20:54:55 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
content-length: 51935
x-xss-protection: 0
server: sffe

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/ 435 KB
144 KB 194ms
193ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2659198279613193

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

7a9a49efb33627e1afa3f0e8d1107600adeee7a8a78e9f67ec7bf2543bab5693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: br
etag: 4174761130244020438
age: 65110
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 15:55:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 18 Dec 2024 15:55:35 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147831
x-xss-protection: 0
server: cafe

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 196ms
95ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

782b5f860ff7f176c46f372454fdd7e60c085a95f13ed95cf4e4221331781262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-md5: tWGM+qhfI/XLeJS7/svFbA==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "d1f3d25c8ca4187dcb0f54e0bb5e8fe8"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:09:09 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 1d6b3a3e7bc0c3eddabeb7f418867a74
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=93, rtx=0, c=23, mss=1232, tbw=4490, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: azFg/jMflhtHD1LfRiVHTURtjGeoJivBGdz1JJy0OxT219qTiyDvYJHqP/SM5h4dLWeYX6tB6zuS7x+TD29UuA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1688
origin-agent-cluster: ?1

GET
H2 200 VB.NET%20Strong%20Crypter%20Avoids%20WD.PNG=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbovM1Pp40H4Rksj4mXDBGw86EiHzcaDVOVqAs-ZqbzeH5xpSKJCozkfYWOD9fvoJoGRFVk5Ta8fvY8g8h5qpgsQ7mNn6McmzB04bePU2pr9dRtZoE-AkW-P9I2GcWjd-hLtjoKLRPENsW5JGL... 5 KB
5 KB 781ms
779ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbovM1Pp40H4Rksj4mXDBGw86EiHzcaDVOVqAs-ZqbzeH5xpSKJCozkfYWOD9fvoJoGRFVk5Ta8fvY8g8h5qpgsQ7mNn6McmzB04bePU2pr9dRtZoE-AkW-P9I2GcWjd-hLtjoKLRPENsW5JGLP0wY9o_Dl_eA8qj4jZdzkwQbpU9FgHKjXVpwvr46pWY5/w66-h66-p-k-no-nu/VB.NET%20Strong%20Crypter%20Avoids%20WD.PNG=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5e903ff59b67ae85f1fefef8188c6ed230840575c9f798fce5e83224bf8a5398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v120"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4868
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="VB.NET Strong Crypter Avoids WD.PNG"

GET
H2 200 SVCHOST%20INJECTOR%202025.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilF8tLnA2MOpt430hM0rGCPWwvJcT7-Yw9ib20aLkykH_FF31VFyMpXa-OIRjlDQ56zhgZpfPsdr8RQrqxzT3oo0Ok3TpgVMAVI3uHycjQ3A-_NjpP_dxrEhbntmhbtMqOVTyHYnUE1E701nqS... 5 KB
5 KB 865ms
863ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

07691bc54aae9447e11da47c53eb202bb7450df03d6acb1728365bf81d1c7889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v11b"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5358
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="SVCHOST INJECTOR 2025.png"

GET
H2 200 Crypter%20Server%20NjRAT%202025.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEillY4NrsKEB_E5sMVy52vGGPNkAdH92tA9le9C9nzhFsu-tFVeBys0iiVX9v0gaGJozZxz0n2uhQSQQlttSwDkC2pzWIMMr8FbN55bahP3vFXwFNO1ZMXLyfTAYCvnZ-UyhnMJvimxazqRAh7u... 4 KB
4 KB 1108ms
1106ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEillY4NrsKEB_E5sMVy52vGGPNkAdH92tA9le9C9nzhFsu-tFVeBys0iiVX9v0gaGJozZxz0n2uhQSQQlttSwDkC2pzWIMMr8FbN55bahP3vFXwFNO1ZMXLyfTAYCvnZ-UyhnMJvimxazqRAh7uPnm0varEcTlMwdIZ17NVUrUbS4JiKB7BegKus5EEfI3C/w66-h66-p-k-no-nu/Crypter%20Server%20NjRAT%202025.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e1e9c7b56afb156c698d075887eafaddbd0de33df2fe744f3ce5f070200ae8b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vf9"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3839
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Crypter Server NjRAT 2025.png"

GET
H2 200 Rat%208.1%20Blue%20Eagle%20Shades%20+%20Tutorial.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDHB-krSktaafCW5KOK6Dorbzcl9-4uAa-nZGDn-ANgD9nA2qs4grSfi_vLfZ6WsBMpog4FDUGb_rHVv8TpHRRwGwhL0xfxTApLAnUKEAFdnWVkFF0q6GO2WNKVENSi48ZgrjJ8TLhbSm0dTh6... 5 KB
5 KB 848ms
846ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDHB-krSktaafCW5KOK6Dorbzcl9-4uAa-nZGDn-ANgD9nA2qs4grSfi_vLfZ6WsBMpog4FDUGb_rHVv8TpHRRwGwhL0xfxTApLAnUKEAFdnWVkFF0q6GO2WNKVENSi48ZgrjJ8TLhbSm0dTh6KVEhJz8Lgm4AptmoIGVp66gHfLO5ynvDfHXP5075HR1t/w66-h66-p-k-no-nu/Rat%208.1%20Blue%20Eagle%20Shades%20+%20Tutorial.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2a8ffe740b4d3aae8231ec6f95a3d186007d33c5e7fc1abbfd5ba23604230446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vec"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5089
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Rat 8.1 Blue Eagle Shades + Tutorial.png"

GET
H2 200 The%20Android%20Remote%20Administration%20Tool,%20DroidJack%20v4.4.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnvKBkwJk7tgOTsFzFhbQh81oaNkPZbjey-NNfRuT1C53a6Ufq7qNGDGfggwLJV0yODN_kNuzBVfgth5tnuSvyvw4iAfFMI0BrMug46jARQ0Wtq-rTAWGd9nJFf4h4bBjVFhDZ-d9OaxcaMbv3... 7 KB
7 KB 1163ms
1161ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnvKBkwJk7tgOTsFzFhbQh81oaNkPZbjey-NNfRuT1C53a6Ufq7qNGDGfggwLJV0yODN_kNuzBVfgth5tnuSvyvw4iAfFMI0BrMug46jARQ0Wtq-rTAWGd9nJFf4h4bBjVFhDZ-d9OaxcaMbv3pGyYuyQ1qYakZmdQNXf_MvljDMid6PA4a67p98sn5xiX/w66-h66-p-k-no-nu/The%20Android%20Remote%20Administration%20Tool,%20DroidJack%20v4.4.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e107d3a7aefcf9c16134967990624c1589973ee1aa28a3f0a59ea29eda4c410d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "ve7"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6879
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="The Android Remote Administration Tool, DroidJack v4.4.png"

GET
H2 200 Download%20craxs%20rat.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEht7YCZXW2Wtwl9uMnufknq02jRNFcvN6JpFAwnStIGWnKfwTMQm6wf7LCOQhbViSK-tkkmfdSlubpji4WJ4eu6H4i8d1Ar5M6ytV-c4UtlPkdYmUBv_9h0EpF6pl_H8qMXsLe41H48SjbMtoC7... 7 KB
7 KB 837ms
836ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

08bee2aa18391a2ebbb79c3bd68d09b2b841352bfbdcbb4c77cf07de98464a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "ve0"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7321
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Download craxs rat.png"

GET
H2 200 MaskCrypter%20Agent%202025.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2G82rLXfCl-oZp1AzxDJC-SYt2BWHQMo13tt7T_aaNovC28SIayRF-hFFZ77AKQfsM40900gYSy3s5Hu45__kfEJVsHUzAWDImw_i5N76Zc2gOSbHcdD9-kckSlLnnSw62NQkPI61cPEj0wvk... 4 KB
4 KB 1458ms
1456ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

30947a1578928c99a599a78c00eeee7a907cefebac55ea42f7fda93a3ddf5078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vcf"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4119
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="MaskCrypter Agent 2025.png"

GET
H2 200 njrat%20official%20website%20Crypter%20by%20njrat.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVD... 4 KB
4 KB 1415ms
1414ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVDj1onClheIi0P3EDuJvlcTggRMRoGUN3rIvJR9x9Xi0e8/w66-h66-p-k-no-nu/njrat%20official%20website%20Crypter%20by%20njrat.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c8db1c3c5b6be9a63735defc6a5a2d7f1ef02d322ef7bd2d3522b5a70d76825b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vba"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3844
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="njrat official website Crypter by njrat.png"

GET
H2 200 Download%20NET-Crypter.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyGZJ_7wuuMI5ExDliGqQYZJ5-YZr_Dy59CF9XuwkDHtfy7qHxIJHxte4rtEu13jvyRryhNBFbp8-PJIIh_pxFHQFjsOfnpUv9hEpU_ZW2PpFABk8IOtAobn5uJNeufCPGX403BWHBwdBXdpgy... 3 KB
3 KB 1306ms
1305ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyGZJ_7wuuMI5ExDliGqQYZJ5-YZr_Dy59CF9XuwkDHtfy7qHxIJHxte4rtEu13jvyRryhNBFbp8-PJIIh_pxFHQFjsOfnpUv9hEpU_ZW2PpFABk8IOtAobn5uJNeufCPGX403BWHBwdBXdpgyh5NeCJisf38AV1PmZvLSxiJZRm2MulVp5wpFGzrgxccZ/w66-h66-p-k-no-nu/Download%20NET-Crypter.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

32903bee05095dca2736b53f659bd854544b488976f1c923fb8b188a29db2a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vb1"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3405
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Download NET-Crypter.png"

GET
H2 200 Crypter%202024.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBNKgb1DWYLldKEhC7KPViQGb37IiB4qNhyphenhyphenoeuOCYaSOYaeTWdX4Lp1GL2_SgxuYDiG19ITktGXix0t4UF8SYDs64b1Hn-_fnAJ7jn8V8y3MZBlxKXLgkpTsNyGdH1d8VkGJ5J4D... 4 KB
4 KB 1520ms
1520ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

08c8b10eff727d5f73baf58e4b07041e27b0bae9cb40d6e723e342fc94217816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v9c"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4238
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Crypter 2024.png"

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 254 KB
75 KB 99ms
98ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=5f44c3e978692c8c66c5180bf0a27681

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

55ffa4e394928edf44f4f523f21dbf531c2ad7307329c5fef00f7e5b47792167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.njrat.net
Referer: https://www.njrat.net/

Response headers

content-md5: 4jhgMPJ5CYBn2eXjNO3sbw==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "8d0aa94d2ddc307fd3a893ea986aa953"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Fri, 19 Dec 2025 09:23:42 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: b8e5ed8b4b719d52c50cf3e899b37aa1
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1888, tp=5, tpl=0, uplat=0, ullat=-1
x-fb-debug: yCJSx7UFnzXlU8QRtUxq5iqRLCaYsSY5MAZJl6DCBiMdE4lfDhXLSuFkL7+iuqZEEdwMQCDW/GMG17mu712XEA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 76640
origin-agent-cluster: ?1

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.59/ 67 KB
28 KB 174ms
174ms Script
application/javascript 2620:1ec:bdf::69
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.59/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/lszb6za8ro
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::69 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 83146c62110f911cbc9e66daa824d1f4e1d8f8aa6508aa45fe061932db65fa27

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

x-azure-ref: 20241219T100045Z-15bc9fd5b7d9fcfvhC1MELtzbs00000008e0000000005ys3
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD1F722A4B1A60"
x-fd-int-roxy-purgeid: 79034942
x-ms-request-id: de1dfb1b-101e-0065-5e6b-51809f000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Thu, 19 Dec 2024 10:00:45 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 18 Dec 2024 14:42:15 GMT

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/ Frame D8BF 0
0 287ms
97ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 49292
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 Dec 2024 20:19:14 GMT
etag: 17661348622971093804
expires: Wed, 01 Jan 2025 20:19:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame 8C38 0
0 1237ms
1078ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2659198279613193&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1733475023&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602445575&bpp=4&bdt=539&idt=419&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=7529343836183&frm=20&pv=2&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=457

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 86150
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 10:00:47 GMT
expires: Thu, 19 Dec 2024 10:00:47 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame AD01 0
0 811ms
682ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2659198279613193&output=html&h=280&slotname=1754907781&adk=239741177&adf=3347520083&pi=t.ma~as.1754907781&w=1069&abgtt=6&fwrn=4&fwrnh=100&lmt=1733475023&rafmt=1&format=1069x280&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602445579&bpp=3&bdt=544&idt=479&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=7529343836183&frm=20&pv=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=386&ady=135&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=487

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 54493
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 10:00:46 GMT
expires: Thu, 19 Dec 2024 10:00:46 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
277 B 1493ms
885ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.njrat.net/

Response headers

Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin: https://www.njrat.net
Date: Thu, 19 Dec 2024 10:00:47 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 Download%20NET-Crypter.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyGZJ_7wuuMI5ExDliGqQYZJ5-YZr_Dy59CF9XuwkDHtfy7qHxIJHxte4rtEu13jvyRryhNBFbp8-PJIIh_pxFHQFjsOfnpUv9hEpU_ZW2PpFABk8IOtAobn5uJNeufCPGX403BWHBwdBXdpgy... 3 KB
0 0ms
0ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

32903bee05095dca2736b53f659bd854544b488976f1c923fb8b188a29db2a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vb1"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3405
date: Thu, 19 Dec 2024 10:00:46 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Download NET-Crypter.png"

GET
H2 200 njrat%20official%20website%20Crypter%20by%20njrat.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVD... 4 KB
0 0ms
0ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwe2xqwd153suuH5Orm9zisrhaLi_KPvM2FVlBsDFoDCkVk9jIufeKulX9i0a69XKgIvyWLMxDi4t9zreIh0OyfjyVCxrV7QjgTDBuIG5GFH7AHV1AezA5Ik2rc7kJ3RKgQ3bO-Tcf8yDX9FVDj1onClheIi0P3EDuJvlcTggRMRoGUN3rIvJR9x9Xi0e8/w66-h66-p-k-no-nu/njrat%20official%20website%20Crypter%20by%20njrat.png=w72-h72-p-k-no-nu

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c8db1c3c5b6be9a63735defc6a5a2d7f1ef02d322ef7bd2d3522b5a70d76825b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vba"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3844
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="njrat official website Crypter by njrat.png"

GET
H2 200 MaskCrypter%20Agent%202025.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2G82rLXfCl-oZp1AzxDJC-SYt2BWHQMo13tt7T_aaNovC28SIayRF-hFFZ77AKQfsM40900gYSy3s5Hu45__kfEJVsHUzAWDImw_i5N76Zc2gOSbHcdD9-kckSlLnnSw62NQkPI61cPEj0wvk... 4 KB
0 0ms
0ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

30947a1578928c99a599a78c00eeee7a907cefebac55ea42f7fda93a3ddf5078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "vcf"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4119
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="MaskCrypter Agent 2025.png"

GET
H2 200 Crypter%202024.png=w72-h72-p-k-no-nu
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBNKgb1DWYLldKEhC7KPViQGb37IiB4qNhyphenhyphenoeuOCYaSOYaeTWdX4Lp1GL2_SgxuYDiG19ITktGXix0t4UF8SYDs64b1Hn-_fnAJ7jn8V8y3MZBlxKXLgkpTsNyGdH1d8VkGJ5J4D... 4 KB
0 2ms
2ms Image
image/png 2404:6800:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

08c8b10eff727d5f73baf58e4b07041e27b0bae9cb40d6e723e342fc94217816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
etag: "v9c"
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 10:00:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4238
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="Crypter 2024.png"

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
277 B 294ms
292ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.njrat.net/

Response headers

Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin: https://www.njrat.net
Date: Thu, 19 Dec 2024 10:00:47 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/ 177 KB
59 KB 98ms
98ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

8c2bc0bf7d4173ae067a69b92d929d2bf35be376709117a97f1bf21d3b6bc6de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: br
etag: 1667813206267593936
age: 80565
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 11:38:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 18 Dec 2024 11:38:02 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 60482
x-xss-protection: 0
server: cafe

GET
H2 200 ca-pub-2659198279613193 Show response
fundingchoicesmessages.google.com/i/ 197 KB
65 KB 523ms
224ms Script
application/javascript 2404:6800:4006:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2659198279613193?href=https%3A%2F%2Fwww.njrat.net&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::200e Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3b09ce4e307e794a774652b05fc9d3b243d54dde099bb4d0c722f5803ed458ee

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Svb3wAFvxIuM8nUQAFBx3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:47 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtHikmLw0ZBiUAjbySTx9SWTFhA7pc9gDQHi1pvnWKcDsdHa86wuQJz07zxrCRAbKlxidQZix6JLrJ5ArNpzidUciO-vu8T6HIg_1F9m_QHEM85fZl0AxEUSV1hbgJjh6xVWDiAW4uE4f7d_N5vAhyvLjzMraSTlF8Yn5-eVFGUmlZbkF6Ulp6UWpxaVpRbFGxkYmRgaGRrpGRjGFxgAAHc4R00"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Svb3wAFvxIuM8nUQAFBx3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 246ms
245ms Image
image/gif 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pfno&evt=place&vh=1200&eid=31089324%2C31089328%2C31089339%2C95345967&hl=en&pvc=963240315219718

Requested by

Host: www.njrat.net
URL: https://www.njrat.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Thu, 19 Dec 2024 10:00:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 245ms
243ms Fetch
text/html 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s23-in-f2.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.njrat.net/

Response headers

POST
H3 204 AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 406ms
211ms XHR
text/html 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMz5CG32zdJinPKWsaU0t3FQYfMJqg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ywy0GUyH4QzT-lNDSWoOVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:48 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw15BicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfjwt3-3WwCO76v6mZScknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGAA0BKxU"
content-security-policy: script-src 'report-sample' 'nonce-Ywy0GUyH4QzT-lNDSWoOVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 AGSKWxVPkx7B2nn5ew_swtWVoKMIJ3JJqWxuRUD5RbFOSfuW4kYCPzZLnAGPeql5nA4DadY5aqVu-3srn5hm4rs4_amxzcECfxLhnSHPmYURMN6A9vb5LWByAjbo0LbPHkmoItBfUcHJjQ== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 214ms
214ms Script
application/javascript 2404:6800:4006:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVPkx7B2nn5ew_swtWVoKMIJ3JJqWxuRUD5RbFOSfuW4kYCPzZLnAGPeql5nA4DadY5aqVu-3srn5hm4rs4_amxzcECfxLhnSHPmYURMN6A9vb5LWByAjbo0LbPHkmoItBfUcHJjQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NjAyNDQ4LDMwMjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubmpyYXQubmV0LyIsbnVsbCxbWzgsIklNejU3eWM1aFZ3Il0sWzksImVuLUdCIl0sWzE5LCIyIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:809::200e Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

83eb599b080fc8222accba4babe9491e5a9ca03dfc3200a71de72dc38b7b951d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LCiLXglE8fdjNizcPpUhNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:48 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmLw15BiOHHrNtMFIJb4-pJJC4id0mewhgBx681zrNOB2GjteVYXIE76d561BIgNFS6xOgOxY9ElVk8gVu25xGoOxPfXXWJ9DsQf6i-z_gDiGecvsy4A4iKJK6wtQMzw9QorBxAL8XBcuNu_m03gxrS_xxiVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTAyNDI30DAzjCwwA--FLJw"
content-security-policy: script-src 'report-sample' 'nonce-LCiLXglE8fdjNizcPpUhNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame A045 0
0 403ms
403ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&gpp_sid=-1&client=ca-pub-2659198279613193&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.110265673~rp.4&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1733475023&rafmt=1&to=qs&pwprc=2271790077&format=1200x280&url=https%3A%2F%2Fwww.njrat.net%2F&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1734602447633&bpp=1&bdt=2598&idt=-M&shv=r20241212&mjsv=m202412090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da64e92779bcf07a0%3AT%3D1734602446%3ART%3D1734602446%3AS%3DALNI_Mb3fqYV6fRiSLRt_sYYHiUIbRoqxw&gpic=UID%3D00000facd8466cb1%3AT%3D1734602446%3ART%3D1734602446%3AS%3DALNI_MZUdX4YbYhIhlrcq-XOUSErTGDAlQ&eo_id_str=ID%3D816bd3468ecd8481%3AT%3D1734602446%3ART%3D1734602446%3AS%3DAA-AfjbSzjqAWdMifeofrkEqcbAn&prev_fmts=0x0%2C1069x280&nras=2&correlator=7529343836183&frm=20&pv=1&u_tz=480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1663&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089324%2C31089328%2C31089339%2C95345967&oid=2&psts=AOrYGskYKt-P0QyB0brSTnfdkhuS6JG4uKbwkWyiO78od0OJILOXKmZrLiZZBvSdhKnPBO5gdjOvgzXfupzMez7BpicivGbo&pvsid=963240315219718&tmod=956866552&uas=0&nvt=1&fc=1920&brdim=1150%2C1150%2C1150%2C1150%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=671

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 210
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 10:00:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/ Frame 65EA 0
0 0ms
0ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 49292
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 Dec 2024 20:19:14 GMT
etag: 17661348622971093804
expires: Wed, 01 Jan 2025 20:19:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/ Frame 6F2C 0
0 0ms
0ms Document
text/html 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241212/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 49292
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 Dec 2024 20:19:14 GMT
etag: 17661348622971093804
expires: Wed, 01 Jan 2025 20:19:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&RedC=c.clarity.ms&MXFR=0832BA5105F16312118EAF0B01F16D14
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&MUID=34701527B4BF6A623C03007DB57C6BAC

42 B
466 B

257ms
257ms

Image
image/gif

20.125.62.241
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&MUID=34701527B4BF6A623C03007DB57C6BAC
Protocol: H2
Server: 20.125.62.241 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "d6b26d9334bdb1:0"
accept-ranges: bytes
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 42
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: image/gif
last-modified: Tue, 10 Dec 2024 13:01:06 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Redirect headers

cache-control: private, no-cache, proxy-revalidate, no-store
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3EA3F1991267481893028B65773213AE&MUID=34701527B4BF6A623C03007DB57C6BAC
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1EA78553672647B9884F03DA74B543A0 Ref B: PER311000102049 Ref C: 2024-12-19T10:00:49Z
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 0
date: Thu, 19 Dec 2024 10:00:49 GMT
x-powered-by: ASP.NET

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 429ms
237ms XHR
application/json 142.250.71.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241212&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.71.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

9d114622980a840829c604aba5b29b3ee9bc4e87bee1454672b5ea010e50d565

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13195
date: Thu, 19 Dec 2024 10:00:49 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 favicon.ico
www.njrat.net/ 9 KB
1 KB 410ms
409ms Other
image/x-icon 2404:6800:4006:80a::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.njrat.net/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2013 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a6384efe65b9a4e4f7e4024a1efc23e6a38111c13b2382c538baec3fb05dcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

cache-control: private, max-age=86400
content-encoding: gzip
etag: W/"d58378283b05adab383b4f41ac7ed892f6869cde065a1e59845c1acb5513ab38"
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:00:48 GMT
content-length: 1246
date: Thu, 19 Dec 2024 10:00:48 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon
last-modified: Fri, 06 Dec 2024 08:50:23 GMT
server: GSE

GET
H3 200 adunit. Show response
fundingchoicesmessages.google.com/f/AGSKWxVTx8oihPBE2voWChDsgM8O-b3rXwcaawvmlJvn6fi3kLD96bWMn6UrBnQJs4kVw708soyfv4O-h6w7pDC9IBh3xKOAPTCgROhsvKXrhkiydIj4D2B20Mm5XykbJtLYoLpfUCAuYtEAA6N_XNF2yhfruu5Q1... 54 B
109 B 198ms
197ms Script
application/javascript 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVTx8oihPBE2voWChDsgM8O-b3rXwcaawvmlJvn6fi3kLD96bWMn6UrBnQJs4kVw708soyfv4O-h6w7pDC9IBh3xKOAPTCgROhsvKXrhkiydIj4D2B20Mm5XykbJtLYoLpfUCAuYtEAA6N_XNF2yhfruu5Q1b72I0-5cQ8eV3lftRbHUiIteWvtbcs-/_/gadv-right.-ad-refresh//adguard./popupads./adunit.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.IMz57yc5hVw.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMxsRjaGQgg_qEWxm6phgf2MMsNNOQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

6999b100ee777f211a159ce47deff0bbdfff171fbd95678a1ed39ddb7671526d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N-XPUrP1A253WeB36_K2jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmLw0JBiOHHrNtMFIJb4-pJJC4id0mewhgBx681zrNOB2GjteVYXIE76d561BIgNFS6xOgOxY9ElVk8gVu25xGoOxPfXXWJ9DsQf6i-z_gDiGecvsy4A4iKJK6wtQMzw9QorBxALcXNcvNu_m01gwd5ZhUoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkYmhkaGRnoGhvEFBgCXrUpW"
content-security-policy: script-src 'report-sample' 'nonce-N-XPUrP1A253WeB36_K2jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 70 KB
26 KB 99ms
99ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

cf93db5f15fb6b90864ea934827bca87f92e75ad6a3aab83881b1f6777ee8929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: br
etag: 82456162888936996
age: 1339
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:38:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 19 Dec 2024 09:38:30 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26167
x-xss-protection: 0
server: cafe

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yplydF7bQ5iYh_FPOATtmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1ZBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiJvj4t3-3WwCL6YeK1JyScovjE_OzytJzSvRTUwp1gWxizKTSkvyi1DYqWUgFTn56emZeenxRgZGJoZGhkZ6BmbxBQYA6PIq2g"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yplydF7bQ5iYh_FPOATtmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 614ms
322ms Script
text/javascript 2404:6800:4006:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412090101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Thu, 19 Dec 2024 10:00:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8ykHr_cWLEpkLv0oWyn4VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1ZBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj4t3-3WwCDbtnL2VUcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGAOnlKqI"
content-security-policy: script-src 'report-sample' 'nonce-8ykHr_cWLEpkLv0oWyn4VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gbqXr_RhUr2FclYoaxby0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1pBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj4t3-3WwCC15su8So5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwMjQyN9AzM4gsMABdRKz0"
content-security-policy: script-src 'report-sample' 'nonce-gbqXr_RhUr2FclYoaxby0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-k8awK8kdLUPp71KaYkBr5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw05BicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj4t3-3WwCE2Y-vsio5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwMjQyN9AzM4gsMAAYoKwU"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-k8awK8kdLUPp71KaYkBr5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxW03DoTbyq846oMJisZEoOc9TTTNnR_jSFl3K_xu4miI7uCqh7opfbMY5qy9dL-g6HS-0w-6TUcXb9w8oLR2svDPQHyGke8laEBP5U5I577hYuipyfk7xTMNmaqkCvZDczT-vx4_g== Show response
fundingchoicesmessages.google.com/f/ 6 KB
2 KB 216ms
216ms Script
application/javascript 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW03DoTbyq846oMJisZEoOc9TTTNnR_jSFl3K_xu4miI7uCqh7opfbMY5qy9dL-g6HS-0w-6TUcXb9w8oLR2svDPQHyGke8laEBP5U5I577hYuipyfk7xTMNmaqkCvZDczT-vx4_g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NjAyNDQ5LDMzNzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm5qcmF0Lm5ldC8iLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

1f324d0e30c5993bc906890c4dcf0eafb4b562db9a8895bd0ae1e08f07e3e394

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fFWV6c-AozyRI1BbjiRM0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcFy827-bTWDG8oabjEoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkYmhkaGRnoGhvEFBgCUJkWC"
content-security-policy: script-src 'report-sample' 'nonce-fFWV6c-AozyRI1BbjiRM0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
277 B 318ms
316ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.njrat.net/

Response headers

Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin: https://www.njrat.net
Date: Thu, 19 Dec 2024 10:00:49 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ds4XyoTMjcugS2vJiyuRkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1JBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj4t3-3WwCO7YfOcik5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwMjQyN9AzM4gsMAAtMKxg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ds4XyoTMjcugS2vJiyuRkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxUHmfPmMK9CF-RRaHSGHP80vge9rVhquTcWimjkJ5-99pD4QGX2Ax9L49HTz7bVxQJW5XB9d00P3cVUU4QP0-KK9jJfMKTtumyWh5m3HDpqaAODkZ7k9s2RRKTnWUh8EeAxF--Rfw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
1 KB 300ms
300ms Script
application/javascript 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUHmfPmMK9CF-RRaHSGHP80vge9rVhquTcWimjkJ5-99pD4QGX2Ax9L49HTz7bVxQJW5XB9d00P3cVUU4QP0-KK9jJfMKTtumyWh5m3HDpqaAODkZ7k9s2RRKTnWUh8EeAxF--Rfw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NjAyNDQ5LDU1OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm5qcmF0Lm5ldC8iLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

d5f504fb09064ab17c8a2a0cedbb40ed55127e9a4ab34e7640433c079b666272

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FQGNPgyvrBxhMTaQODYkYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:49 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw05BikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcFy827-bTaDjzKf9TEoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkYmhkaGRnoGhvEFBgCmUUXu"
content-security-policy: script-src 'report-sample' 'nonce-FQGNPgyvrBxhMTaQODYkYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame CEA8 0
0 377ms
96ms Document
text/html 2404:6800:4006:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2001 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 09:50:27 GMT
expires: Thu, 19 Dec 2024 10:40:27 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 8877 0
0 390ms
198ms Document
text/html 142.250.66.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.66.228 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vxl-2lh-Ydbycxa0xp8HIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.njrat.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vxl-2lh-Ydbycxa0xp8HIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 10:00:50 GMT
expires: Thu, 19 Dec 2024 10:00:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AGSKWxUAM0B7Joh9IPSyvUSovD4Np5QxACRV2cMVbIREr_aMUoMakberWeI4lCyWdv5tduM-TPtSrLQTEPYMoRo0ycOATiMXM8UC97LJM31RsXxLs_-XYeM9hgJ05VzMrC5GClagGjdVKg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 312ms
312ms Script
application/javascript 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUAM0B7Joh9IPSyvUSovD4Np5QxACRV2cMVbIREr_aMUoMakberWeI4lCyWdv5tduM-TPtSrLQTEPYMoRo0ycOATiMXM8UC97LJM31RsXxLs_-XYeM9hgJ05VzMrC5GClagGjdVKg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NjAyNDQ5LDg2MzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubmpyYXQubmV0LyIsbnVsbCxbWzgsIklNejU3eWM1aFZ3Il0sWzksImVuLUdCIl0sWzE5LCIyIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

cc39e6a20ba6a912f41e1cb652093edafb83cac3ff0843723d4448b883139871

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Trmnyfu_f-m4tlta6UEHyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.njrat.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:50 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw05BikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAtxc1y627-bTWDBgWZVJY2k_ML45Py8kqLMpNKS_KK05LTU4tSistSieCMDIxNDI0MjPQPD-AIDAD6DROc"
content-security-policy: script-src 'report-sample' 'nonce-Trmnyfu_f-m4tlta6UEHyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxXi7YuQfZxWNz7A_oGCj4AYQTK0NE4PAcuxoRm0FS4oVwVqVcOxgbAgnAO7Db5xBNcSOwXKk1pHdqZoCHogVOdDc_A25oRMwTpNATfK9AYmHNMjm6Ou5shNaajzDLLeWc-9npBvfg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 209ms
208ms XHR
text/html 142.251.221.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXi7YuQfZxWNz7A_oGCj4AYQTK0NE4PAcuxoRm0FS4oVwVqVcOxgbAgnAO7Db5xBNcSOwXKk1pHdqZoCHogVOdDc_A25oRMwTpNATfK9AYmHNMjm6Ou5shNaajzDLLeWc-9npBvfg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7jGOMdavdYwdtaGo5iKo1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:50 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0pBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj0t3-3WwCL971djIquSTlF8Yn5-eVpOaV6CamFOuC2EWZSaUl-UUo7NQykIqc_PT0zLz0eCMDIxNDI0MjPQOz-AIDAA3NKxk"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7jGOMdavdYwdtaGo5iKo1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWGjak6ZhxsFJYertWxlLNHbrAr7hhVrTFHpN3zvTJo1xAyFGkBBcCier3OvU0MJsNAc70pGZ0bhqG9hs96ym5k18yeD2j1ZxX5w9wt_UgPRlp-Hdzo9mN4ZiNIQKjCqddC-j411A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Gxq4fDkQYgFhC27zeV2t0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.njrat.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 10:00:50 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1pBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIfj0t3-3WwCO258bmdUcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGABZXKzg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Gxq4fDkQYgFhC27zeV2t0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.njrat.net
content-length: 0
x-xss-protection: 0
server: ESF

GET sodar
ep1.adtrafficquality.google/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blogger.googleusercontent.com
URL: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbovM1Pp40H4Rksj4mXDBGw86EiHzcaDVOVqAs-ZqbzeH5xpSKJCozkfYWOD9fvoJoGRFVk5Ta8fvY8g8h5qpgsQ7mNn6McmzB04bePU2pr9dRtZoE-AkW-P9I2GcWjd-hLtjoKLRPENsW5JGLP0wY9o_Dl_eA8qj4jZdzkwQbpU9FgHKjXVpwvr46pWY5/w72-h72-p-k-no-nu/VB.NET%20Strong%20Crypter%20Avoids%20WD.PNG

Domain: blogger.googleusercontent.com
URL: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyGZJ_7wuuMI5ExDliGqQYZJ5-YZr_Dy59CF9XuwkDHtfy7qHxIJHxte4rtEu13jvyRryhNBFbp8-PJIIh_pxFHQFjsOfnpUv9hEpU_ZW2PpFABk8IOtAobn5uJNeufCPGX403BWHBwdBXdpgyh5NeCJisf38AV1PmZvLSxiJZRm2MulVp5wpFGzrgxccZ/w72-h72-p-k-no-nu/Download%20NET-Crypter.png

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241212&jk=963240315219718&bg=!oKOlo-zNAAbtGp3CzRo7ADQBe5WfOFugRpJEsezMpDG_X1k6ZeFLBu0o4zqLv26Cc1X4cgW9kUhPzc7eH5j6M2OztOVSAgAAADZSAAAAA2gBB34ANlI5-MKSFHI8cGuXR5Mt7Uin8Oo9iJZYb1a4-HuegBV27cJFldP0tI5c-R1lECD8yW1CfAQuF5kCpST28ncQQ79F8i7_rlLAg_A301sIADFH-wEsXt-ep6evu43DKdOW0VnnnR56edqMOn2QOPhrznuS9wryX1KQpTPJoYJZDMk0hJ1Wdt6x4zDFxlhMGy_lA8UP1QtxPqKIk96-0kMfXnCxYozPahDxPFAm5og3hfoeydnKRuMaos8e4BJ3zE3F0rOsmXDwi_KXgO1qKPZffb9W8xrpfqG5ElC_C82lCIE8ySxbH3smcWbuYGSupLOAoV8_-dTpGNr1cEZ6hiy0zLlvCYCa4XffhaYMYtRTWixmMYaliL3KVu2QyrDC5ak78dyLNCNwylDJ5ezSXcskvz2PkDrGzcw_F79Z3fPOKiF6dswx6OSTnsg3hyNETLyHrZQA38dRwQ841OSJmm10ANwKZVpebBjdpuYVL2ZvhlTbS1IfeRONWciobPddNdp9x6dFejGldxCGeNQnAVpyn_WApKmY5aMPWyqndSS2gARk7o-YwfzHb1hqCvTLBji-K-Dk6e8ja_0afRaUKn1Sq-9NyL_2YAEogtD2xIXP6p2aqhZVWHdyfOkx24fOaXtfPoXNZjwpBya3sGys3FYwfcs1sH8MQ4fuMrkaWDoeGoym1bc1k0rBz4K9ZJPwXB1N_4R1m19qH-Flc2BsACl03FY7Q9MZavAYvtLheAtdqbbZgTedFq1jmBbPVW_PGoZCcS9oEVHzWw5vTLZEfFjIqJVyIzSmMRBXaQ3iYhU-8PqCHAzLaF40ZW6oXb0OPTIAXzicdzPEK3adW9NJlEzzG1I5W6zqG-tz_26U3utIutzjhNEdkXaoKzHIMlLf3HQidEu1pUMBnMk2_hkr6I6aw1zeqkvcfLZzPmb5wv1eAF_qLcEsCV0trShAj2_fbZyYPeJJnd8OQtXfYs5XAQ87

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.clarity.ms/	1970-01-21 10:35:38	Name: CLID Value: e434b358623c43ce8ebcc62c5eb5e400.20241219.20251219
.njrat.net/	1970-01-21 10:35:38	Name: _clck Value: 1pft5rv%7C2%7Cfru%7C0%7C1814
.doubleclick.net/	1970-01-21 11:26:02	Name: IDE Value: AHWqTUkuhZZ7_-h_OjEP1hl96FznIuMiIVNo49WUV6GPkIt19xl33dmxFOKgQrH-kJM
.doubleclick.net/	1970-01-21 01:50:03	Name: test_cookie Value: CheckForPermission
.njrat.net/	1970-01-21 11:11:38	Name: __gads Value: ID=a64e92779bcf07a0:T=1734602446:RT=1734602446:S=ALNI_Mb3fqYV6fRiSLRt_sYYHiUIbRoqxw
.njrat.net/	1970-01-21 11:11:38	Name: __gpi Value: UID=00000facd8466cb1:T=1734602446:RT=1734602446:S=ALNI_MZUdX4YbYhIhlrcq-XOUSErTGDAlQ
.njrat.net/	1970-01-21 06:09:14	Name: __eoi Value: ID=816bd3468ecd8481:T=1734602446:RT=1734602446:S=AA-AfjbSzjqAWdMifeofrkEqcbAn
.googleadservices.com/	1970-01-21 03:59:38	Name: ar_debug Value: 1
.njrat.net/	1970-01-21 01:51:28	Name: _clsk Value: 1no40c2%7C1734602447695%7C1%7C1%7Cf.clarity.ms%2Fcollect
.bing.com/	1970-01-21 11:11:38	Name: MUID Value: 34701527B4BF6A623C03007DB57C6BAC
.c.bing.com/	1970-01-21 02:00:07	Name: MR Value: 0
.c.bing.com/	1970-01-21 11:11:38	Name: SRM_B Value: 34701527B4BF6A623C03007DB57C6BAC
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 11:11:38	Name: MUID Value: 34701527B4BF6A623C03007DB57C6BAC
.c.clarity.ms/	1970-01-21 02:00:07	Name: MR Value: 0
.c.clarity.ms/	1970-01-21 01:50:03	Name: ANONCHK Value: 0
.njrat.net/	1970-01-21 10:35:38	Name: FCNEC Value: %5B%5B%22AKsRol-DgbZhxiQ3ddsELmcqChxGHLIqZ1cz0K-ACRxzRYN7A37i2oppyjwVXE_TT8d2u8D08U0W5rkXVb6LQbxK--9C4LMqjb-Dpw0XEQSGOV_kwn6PIO7lSAi5_3UNJjzskDoj1SpiAqDk_V59I3bEZRrPlTu82w%3D%3D%22%5D%5D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
blogger.googleusercontent.com
c.bing.com
c.clarity.ms
cdn.ampproject.org
cdn.jsdelivr.net
connect.facebook.net
ep1.adtrafficquality.google
ep2.adtrafficquality.google
f.clarity.ms
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
stackpath.bootstrapcdn.com
www.blogger.com
www.clarity.ms
www.google.com
www.njrat.net
blogger.googleusercontent.com
ep1.adtrafficquality.google
104.18.11.207
142.250.66.194
142.250.66.195
142.250.66.228
142.250.71.66
142.251.221.78
157.240.8.23
20.125.62.241
2404:6800:4006:804::2009
2404:6800:4006:809::2001
2404:6800:4006:809::200e
2404:6800:4006:80a::2001
2404:6800:4006:80a::2013
2404:6800:4006:814::200a
2606:4700::6812:ba1f
2620:1ec:bdf::69
2620:1ec:c11::237
51.8.44.252
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
07691bc54aae9447e11da47c53eb202bb7450df03d6acb1728365bf81d1c7889
08bee2aa18391a2ebbb79c3bd68d09b2b841352bfbdcbb4c77cf07de98464a7e
08c8b10eff727d5f73baf58e4b07041e27b0bae9cb40d6e723e342fc94217816
09af0ad72e0613ec9510e9186fa256c08b303343395ae48b6a56222127ba8c1b
1cbb3a858083cc60e0c795fcc2bab05320c6c7f235e2a8b45c00b24c4824fe5a
1f324d0e30c5993bc906890c4dcf0eafb4b562db9a8895bd0ae1e08f07e3e394
2a8ffe740b4d3aae8231ec6f95a3d186007d33c5e7fc1abbfd5ba23604230446
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
30947a1578928c99a599a78c00eeee7a907cefebac55ea42f7fda93a3ddf5078
32903bee05095dca2736b53f659bd854544b488976f1c923fb8b188a29db2a37
3b09ce4e307e794a774652b05fc9d3b243d54dde099bb4d0c722f5803ed458ee
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
556eb85f60368837347be3b840f6c4542ddcd71d23436f449d945321b92f0bd3
55ffa4e394928edf44f4f523f21dbf531c2ad7307329c5fef00f7e5b47792167
56b777d781db5a91e3bf97bf76748b4bdca535ee170ea8cda970a4a5ed6f48b0
5e903ff59b67ae85f1fefef8188c6ed230840575c9f798fce5e83224bf8a5398
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6999b100ee777f211a159ce47deff0bbdfff171fbd95678a1ed39ddb7671526d
6de220a6e860b1594f779540b63bf25bb1efc1024ba95579e2ea8918c95c3fef
7081f13bd2b731be9939ee98b694ef7947ec8a9c9d0e2720de82ae94ea3d2f9c
723aa71f12cd6dd309f010b66d24d6b834303bebb91a9361861064d2da57a8f2
72e50149514cc607393f99a201d3f9fe343ff9e43d9a811e4caf1e7aae17583d
782b5f860ff7f176c46f372454fdd7e60c085a95f13ed95cf4e4221331781262
7a6384efe65b9a4e4f7e4024a1efc23e6a38111c13b2382c538baec3fb05dcc8
7a9a49efb33627e1afa3f0e8d1107600adeee7a8a78e9f67ec7bf2543bab5693
811927af1a3813b07b631bce93d9020fb086d89ca9066c565ae85051a92d3424
82eb49f51b580c387c63d9239096f02987a4eabf0259deb0d8959325fcd4e3b0
83146c62110f911cbc9e66daa824d1f4e1d8f8aa6508aa45fe061932db65fa27
83eb599b080fc8222accba4babe9491e5a9ca03dfc3200a71de72dc38b7b951d
8c2bc0bf7d4173ae067a69b92d929d2bf35be376709117a97f1bf21d3b6bc6de
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d114622980a840829c604aba5b29b3ee9bc4e87bee1454672b5ea010e50d565
a74e13f0f3abe3e773d4934d2764f7e789551d0046fb4e23a6672f70a5c26c16
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
c050deedbcf91679957f19e03f21cf4106b6b22feb9414492418dd413955e8ff
c8db1c3c5b6be9a63735defc6a5a2d7f1ef02d322ef7bd2d3522b5a70d76825b
cc39e6a20ba6a912f41e1cb652093edafb83cac3ff0843723d4448b883139871
ce820e52727f38b545fbec6e11b7f80b8cf1f3e4157eb6199eea4fba676b9d49
cf93db5f15fb6b90864ea934827bca87f92e75ad6a3aab83881b1f6777ee8929
d5f504fb09064ab17c8a2a0cedbb40ed55127e9a4ab34e7640433c079b666272
e107d3a7aefcf9c16134967990624c1589973ee1aa28a3f0a59ea29eda4c410d
e1e9c7b56afb156c698d075887eafaddbd0de33df2fe744f3ce5f070200ae8b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61b80ce652526a17cc33b5e3e590752e70639d79faae65ee62483c594b02a48
ea10c30e79f2497b55ec87931438ff0bceb63f5e75a1256c7830a4f28438d0a9
f8b175234d05b72c5d5cfd5cefa8da032d01185dfd9a05f043edc6d4c35942df
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

www.njrat.net Open in urlscan Pro 2404:6800:4006:80a::2013 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

76 Requests

95 %HTTPS

50 %IPv6

15 Domains

19 Subdomains

18 IPs

3 Countries

1056 kBTransfer

2557 kBSize

17 Cookies

7 Outgoing links

Page URL History

Redirected requests

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.njrat.net Open in urlscan Pro
2404:6800:4006:80a::2013 Public Scan

Screenshot
Live screenshot

Full Image

76
Requests

95 %
HTTPS

50 %
IPv6

15
Domains

19
Subdomains

18
IPs

3
Countries

1056 kB
Transfer

2557 kB
Size

17
Cookies

76 HTTP transactions
0 data transactions