hunt.io Open in urlscan Pro
35.71.142.77 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Submission: On November 03 via api (November 3rd 2024, 12:00:09 pm UTC) from SA — Scanned from US

Summary HTTP 63 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 6 domains to perform 63 HTTP transactions. The main IP is 35.71.142.77, located in United States and belongs to AMAZON-02, US. The main domain is hunt.io.
TLS certificate: Issued by WR1 on October 2nd 2024. Valid for: 3 months.

This is the only time hunt.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	35.71.142.77 35.71.142.77	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
49	2600:9000:24f... 2600:9000:24f4:c800:d:ada1:a280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	13.226.94.77 13.226.94.77	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:27c... 2600:9000:27c5:9e00:d:6b42:4ec0:93a1	16509 (AMAZON-02) (AMAZON-02)
63	6

1 35.71.142.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0b1d980e1f2226c6.awsglobalaccelerator.com

hunt.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2600:9000:24f4:c800:d:ada1:a280:93a1 (United States)

ASN16509 (AMAZON-02, US)

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.94.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-77.jfk52.r.cloudfront.net

events.framer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:27c5:9e00:d:6b42:4ec0:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.framerstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	framerusercontent.com framerusercontent.com — Cisco Umbrella Rank: 26990	1 MB
2	framer.com events.framer.com — Cisco Umbrella Rank: 37544 framer.com Failed	7 KB
1	framerstatic.com app.framerstatic.com — Cisco Umbrella Rank: 182747	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	107 KB
1	hunt.io hunt.io app.hunt.io Failed	44 KB
0	google-analytics.com Failed www.google-analytics.com Failed
63	6

	Domain	Requested by
49	framerusercontent.com	hunt.io framerusercontent.com
2	events.framer.com	hunt.io events.framer.com
1	app.framerstatic.com	hunt.io
1	www.googletagmanager.com	hunt.io
1	hunt.io
0	framer.com Failed	framerusercontent.com
0	www.google-analytics.com Failed	www.googletagmanager.com
0	app.hunt.io Failed	hunt.io
63	8

This site contains links to these domains. Also see Links.

Domain
app.hunt.io
github.com
asec.ahnlab.com
www.trendmicro.com
tria.ge
web.archive.org
x.com
www.linkedin.com

Subject Issuer	Validity	Valid
hunt.io WR1	`2024-10-02` - `2024-12-31`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
framerusercontent.com Amazon RSA 2048 M02	`2023-12-18` - `2025-01-14`	a year	crt.sh
events.framer.com Amazon RSA 2048 M03	`2024-04-09` - `2025-05-07`	a year	crt.sh
framerstatic.com Amazon RSA 2048 M02	`2024-09-22` - `2025-10-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Frame ID: 53ED2E7B2904E7BE3ECFF43B8D237CBD
Requests: 63 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

63
Requests

86 %
HTTPS

60 %
IPv6

6
Domains

8
Subdomains

6
IPs

1
Countries

1428 kB
Transfer

5264 kB
Size

2
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://app.hunt.io/dashboard
Title: Login

Search URL Search Domain Scan URL

URL: https://github.com/creaktive/tsh
Title: Tiny SHell

Search URL Search Domain Scan URL

URL: https://app.hunt.io/open-directory-crawler?host=http://27.124.45.146:9998
Title: Open directory page for 27.124.45[.]146

Search URL Search Domain Scan URL

URL: https://asec.ahnlab.com/en/62144/
Title: AhnLab

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
Title: Trend Micro

Search URL Search Domain Scan URL

URL: https://tria.ge/241017-zxmlkazbjj
Title: Triage analysis of na.elf processes

Search URL Search Domain Scan URL

URL: https://app.hunt.io/open-directory-files-search-tag?malware_tag=rekoobe
Title: Results of clicking the Rekoobe tag to find additional open directories hosting the malware

Search URL Search Domain Scan URL

URL: https://app.hunt.io/domains/27.124.45.146
Title: Domain overview showing typosquatting domains targeting TradingView

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20240907145404/https://tradingviewll.com/
Title: Wayback machine results for tradingviewll.com

Search URL Search Domain Scan URL

URL: https://app.hunt.io/assoc/27.124.45.146
Title: The Associations Tab in Hunt displays associated IPs that can be pivoted to enhance investigations

Search URL Search Domain Scan URL

URL: https://app.hunt.io/open-directory-crawler?host=http://27.124.45.211:9998
Title: Open directory contents for 27.124.45[.]211:9998

Search URL Search Domain Scan URL

URL: https://app.hunt.io/open-directory-by-sha256?sha_256=a1c0b48199e8a47fe50c4097d86e5f43a1a1c9a9c1f7f3606ffa0d45bb4a2eb3
Title: Results of SHA-256 search across all open directories for similar files

Search URL Search Domain Scan URL

URL: https://x.com/Huntio?t=tNAyMYy3rMSrq6u0XIpZRg&s=09

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hunt-intelligence-inc/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users Show response
hunt.io/blog/ 550 KB
44 KB 397ms
129ms Document
text/html 35.71.142.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.71.142.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a0b1d980e1f2226c6.awsglobalaccelerator.com

Software

Framer/4d5d6b1 /

Resource Hash

7cd698d05ce984570bd257019cd83a3bc8e80fe24a59438e62fce5a79fe68f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-length: 44514
content-type: text/html
date: Sun, 03 Nov 2024 12:00:02 GMT
etag: "54eff6890114d753b790f967f3151fe3"
last-modified: Thu, 31 Oct 2024 18:51:28 GMT
link: <https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin=""
server: Framer/4d5d6b1
server-timing: region;desc="us-east-1", cache;desc="not-cached", ssg-status;desc="optimized", version;desc="4d5d6b1"
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 321 KB
107 KB 151ms
48ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2d18875b92a500199a2d18dfa37ac950f5e26b756fa064931b4bc937835e52e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sun, 03 Nov 2024 12:00:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 03 Nov 2024 12:00:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 108777
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 chunk-RG66I2KX.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 656 KB
186 KB 196ms
102ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RG66I2KX.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

0c8f7a09fde5ea166851f8db6ab7ced6a8a5d38d2c372b31601e9480ddc1f08c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"c225ed90f1f25fa1cfe5a4d8959853b4"
x-amz-version-id: B38fJVnXTEmt5dD4K8wtOowwwLg1CxA6
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: EtUnbyEWx2S6e7fbsQzpb7cX7fLVMNpAnohRYai7wDV3ECr3Gf8bZQ==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="EtUnbyEWx2S6e7fbsQzpb7cX7fLVMNpAnohRYai7wDV3ECr3Gf8bZQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=26
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-RIUMFBNJ.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 447 B
1 KB 154ms
66ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RIUMFBNJ.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "30ed32fa3444df726bb60d89113cf478"
x-amz-version-id: vYavs6UabxhB5PKPh4VT.q026xitGK6K
age: 4127990
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: xbLeT3yX2ptgClp_PrPA_1DP0UCifdQjBGRVvKrK0wLH11jKQOo0JA==
date: Mon, 16 Sep 2024 17:20:14 GMT
content-type: text/javascript
last-modified: Mon, 16 Sep 2024 15:39:52 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="xbLeT3yX2ptgClp_PrPA_1DP0UCifdQjBGRVvKrK0wLH11jKQOo0JA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=17
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 447
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 Iymjj8QC5OxAta8Q0AowEU0LdJkH5QSbZAHFTDYtfw0.RLNIAWZI.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 374 KB
50 KB 149ms
61ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Iymjj8QC5OxAta8Q0AowEU0LdJkH5QSbZAHFTDYtfw0.RLNIAWZI.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

40465f0c69a61ab4bf5e6342d357915b08d34bbfca7cef1301b02141e33228e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"d13facbdafd2682a8d7b4d0ebcdbeb7d"
x-amz-version-id: cudnjLoq0kC2WUCfIqraKzvWsVzAyNbl
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6FJrVgw6a0-0L8WLf_-IMl1crd3vT2iT9Ia2XAtgKjTnyefr22sNOg==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="6FJrVgw6a0-0L8WLf_-IMl1crd3vT2iT9Ia2XAtgKjTnyefr22sNOg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=16
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-IPQIVA73.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 269 KB
66 KB 156ms
68ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-IPQIVA73.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f6967adc447cc47bd8bd52ae0cd9a67b5b3c76a741d3ef4345299b7387ab3903

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"cdd5fb9ad025a996a155eb17dcf7cf93"
x-amz-version-id: zCAUch2cEHNaM9PNyBoQxUUrtgBUNteU
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: nHNLMoLKgozbzyF4tYYNss42mITnHuGM6vNZ_mArt54fzzsiYOTWiQ==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="nHNLMoLKgozbzyF4tYYNss42mITnHuGM6vNZ_mArt54fzzsiYOTWiQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=18
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-IQJXJS56.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 2 MB
461 KB 168ms
81ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-IQJXJS56.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"31dd62f5e78dc021748cb2e226a1a631"
x-amz-version-id: ha0.ZQo2WOP80YQTROckWsD0vmO7dcYH
age: 1446280
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: z3qcyHtneLDckE1hsj8ObSbTvuusAinjdREs_RtbKpCwPbqDMUWqlA==
date: Thu, 17 Oct 2024 18:15:24 GMT
content-type: text/javascript
last-modified: Thu, 17 Oct 2024 17:21:59 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="z3qcyHtneLDckE1hsj8ObSbTvuusAinjdREs_RtbKpCwPbqDMUWqlA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=19
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-7UCX6LPI.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 383 KB
56 KB 164ms
77ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7UCX6LPI.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

9ba3d9cd08e0e2e982305b3cf1351b793cff4d4c3a721939ab1aba9bfbecec1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"f55aff1ba9a774360458fea6a44c61b6"
x-amz-version-id: yD73lhJizwXjv2koKnCe_Zdz8NbTOurX
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: iHWDnT8Qd7M8Dq0iIQgrRLDS2nQbQWep5111H7UaDq3yusI6mh-G7g==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="iHWDnT8Qd7M8Dq0iIQgrRLDS2nQbQWep5111H7UaDq3yusI6mh-G7g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=18
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-7HYMZOAC.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 55 KB
18 KB 188ms
101ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

be452a69733e49f9261fd48e1b2649e9d0fd02310623c9025f47c6d9f5b249f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"f87454c9ddc48cb83cb82a2f553a8010"
x-amz-version-id: 37gwFNcQsRU9rRBIXH9hdnxUiQ7.QSMD
age: 233134
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: KRrTuiMhkYMfEf588wAIGIRkmJ3n2dnpxFqSzcFKJCKu34ww_yuQxw==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="KRrTuiMhkYMfEf588wAIGIRkmJ3n2dnpxFqSzcFKJCKu34ww_yuQxw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=21
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-ROFDMJRC.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 22 KB
5 KB 144ms
58ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-ROFDMJRC.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4a87684a7eaf6a1267acccf116bf950f0ecfe117a381262279793546dd34b1fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"50692b32709cd66219cb07a87f1cdcbf"
x-amz-version-id: MeqoL4i7rEqKhgQDZRFoFGZg3shJKWc2
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: KaoG1ZMnTeKi6hAIl5XoSyZp5lfXehrZBdNdzTvSrtSiNgglnsBCaw==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="KaoG1ZMnTeKi6hAIl5XoSyZp5lfXehrZBdNdzTvSrtSiNgglnsBCaw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=14
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-7DGAI3MI.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 145 KB
21 KB 139ms
52ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7DGAI3MI.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c05f01828760b7f62c56f54e661db6fbbacb8119d4e3a7fdb19adc5bbb30d197

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"2fb9d5af93cfc3102907f61972f75558"
x-amz-version-id: 7YyJy4lDHYIJOo3hR.fGyldax91vnUqI
age: 233132
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: TcJthuccWcux1uHJ2SGhQBCAg9991QWuCY8DzzFnUkNIUzi2K-sGWw==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="TcJthuccWcux1uHJ2SGhQBCAg9991QWuCY8DzzFnUkNIUzi2K-sGWw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=14
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-FY5FDOIZ.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 781 B
2 KB 133ms
47ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-FY5FDOIZ.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

7b96eeae71395c3038c0858e611d355f0184e036b30246ed3771197f9d777fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "430811e3d1e20c0a8111ccbcee34b6c2"
x-amz-version-id: K1EFCu1GMI.3uWB3SsZ.KSa8vrxi.PFX
age: 233134
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: w3Dr7WG7OyAN9xkl-Q7Wr3AAdmKJ980C66s_E2CZQ5sIRqsRh13Qww==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="w3Dr7WG7OyAN9xkl-Q7Wr3AAdmKJ980C66s_E2CZQ5sIRqsRh13Qww==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=13
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 781
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-GPRLDQDE.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 3 KB
2 KB 131ms
45ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-GPRLDQDE.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

550a12a417b7883808ec6b46613d9facb78a41a1b9b54178015fb3524522f298

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"04e2d6f72b2db18166ee6dd660192cd7"
x-amz-version-id: KN7b1f42C9VyY4Y_iya2yO3aG0VbAtzo
age: 407635
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: go-Xdd7oeRESvcybBwh66qDHgtm4RkFoCQ3sgRfbU-sQTMcbv31MiA==
date: Tue, 29 Oct 2024 18:46:09 GMT
content-type: text/javascript
last-modified: Tue, 29 Oct 2024 18:16:42 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="go-Xdd7oeRESvcybBwh66qDHgtm4RkFoCQ3sgRfbU-sQTMcbv31MiA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=12
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-UBZRP4TP.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 9 KB
2 KB 142ms
57ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-UBZRP4TP.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

6e4594993d1de38c4a66dd1afb5f3343d6f08cbc382f925fa456dad68542d3bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"0e660793ac09d8a3a99d306c6bb07177"
x-amz-version-id: p5eM_y1XLN.wjx1018nfKhGuXNfbOV5Y
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: D1lH3itwsPqRKOcyxusuVrMBSfiolH8c01L3_8qzW2T7h2-DLxDaqg==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="D1lH3itwsPqRKOcyxusuVrMBSfiolH8c01L3_8qzW2T7h2-DLxDaqg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=15
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-76BGG4V3.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 20 KB
5 KB 187ms
102ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-76BGG4V3.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

664a53dc4967e208e3de51547b044aedbde20b46b5456e1c89ef7683650b42ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"333359a8157e986d20028e936ed51605"
x-amz-version-id: XSsfOfjWO.NkGuIB0oSA87z7xd5OdW1H
age: 233132
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 1BpFVW8od7ofZBmzDF4oRoDR113_d1ash3pl-zzSEpLJpsj8Hmbecw==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="1BpFVW8od7ofZBmzDF4oRoDR113_d1ash3pl-zzSEpLJpsj8Hmbecw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=22
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-I3GMFM3K.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 700 B
2 KB 143ms
59ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-I3GMFM3K.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

b4067ec53c32cabf91cf78f3b56e26d2aa0ecbf15657bd64f260c123ab4bc0d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "cd50f886ceb6f948394d383f755facda"
x-amz-version-id: VxEV15UYshXOy1xrryY_CU2vwCiv2ueF
age: 233133
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: GTtMo0wrShDcfmB66JDzp1oAahkqhkNn44x_i4xW4hgFIGa1ZxuRmw==
date: Thu, 31 Oct 2024 19:14:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="GTtMo0wrShDcfmB66JDzp1oAahkqhkNn44x_i4xW4hgFIGa1ZxuRmw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=16
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 700
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-FKEV34VE.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 4 KB
3 KB 185ms
100ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-FKEV34VE.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

63d93f8892cd70a779771119dfac565d98329a7c6b468d30d42de5eb03e582b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"d6e9fcb100903f19a669dc3b53a4448d"
x-amz-version-id: 4fah_S7zlFSIK0PyRIlsZQ6XSVXmBVXH
age: 233134
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Lq2WdSq7zixB8QG4bTBp3QH540qScrm4tUZbEs87rMUjjI4RTFrw5A==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="Lq2WdSq7zixB8QG4bTBp3QH540qScrm4tUZbEs87rMUjjI4RTFrw5A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=20
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 script_main.D4IFXGMQ.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 12 KB
7 KB 143ms
60ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

e4e887f6e218b491f1a56b9b0decdb900a08499f2a13d060447e00e4a11e56b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"2ffa76774d675e8e8724b15a53953253"
x-amz-version-id: AU8UGxvWiLj_xJNUzU6XmOBbDwhWvRlu
age: 233134
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Txo1B_Xh9FqYwvRw3XpDQtJzHB-ttFWDuv-fnDzLpJjxptR6UNWHtA==
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="Txo1B_Xh9FqYwvRw3XpDQtJzHB-ttFWDuv-fnDzLpJjxptR6UNWHtA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=15
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 script Show response
events.framer.com/ 18 KB
7 KB 142ms
39ms Script
text/javascript 13.226.94.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events.framer.com/script

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.94.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-94-77.jfk52.r.cloudfront.net

Software

Resource Hash

89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amzn-remapped-content-length: 18177
timestamp: Sun, 03 Nov 2024 11:58:56 GMT
content-encoding: gzip
x-amz-apigw-id: AqzWqGigoAMEp7Q=
x-amzn-trace-id: Root=1-672765c3-44a2063a177604d41c9383ec
x-amzn-requestid: d274d39a-d006-499d-ab70-8b493a715505
via: 1.1 b274a8f17ac92a47c0fa7e31e5599392.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-length: 6204
x-amz-cf-id: RkmAkO2BhmvzBcxt0YRdKj1-L2fdqyAvOkBQ1Vdt_Ga1PmH98sfU-A==
date: Sun, 03 Nov 2024 12:00:03 GMT
content-type: text/javascript
x-amz-cf-pop: JFK52-P10

GET
H2 200 51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/ 48 KB
49 KB 70ms
69ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

466a4109aad7eac1b54590cea83d046585b5301c11a41ea83849b4068a43346c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "08ac86caa816275882986d454a93c188"
age: 1110437
x-content-type-options: nosniff
x-amzn-requestid: df36b023-b3a1-4315-8296-29e5d17271f1
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: AEVFSDOTieKPYym55OcD3Igjb5bcwAJEkmkMMo8xt1Z7IyIwq_FfOg==
date: Mon, 21 Oct 2024 15:32:46 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="AEVFSDOTieKPYym55OcD3Igjb5bcwAJEkmkMMo8xt1Z7IyIwq_FfOg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6716741c-637a655e7a87e2682aeaec7b;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 YkL2yRkjKINERfGS0gcXlLDhfY.webp
framerusercontent.com/images/ 11 KB
12 KB 106ms
106ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/YkL2yRkjKINERfGS0gcXlLDhfY.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a66e68102648c668e7cbb3a58d2efa1ae735cb6770d0adac32dcc5459615f9fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "9ed3cdd066d1cae63fb92d42e14b4741"
age: 234547
x-content-type-options: nosniff
x-amzn-requestid: 36863462-7ead-4b30-a970-7380292b6a53
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: gck7tfLA_3UkM3heTegTPRtCjjqzchQtUEUafABQeT19PBf0hkCDmA==
date: Thu, 31 Oct 2024 18:50:56 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="gck7tfLA_3UkM3heTegTPRtCjjqzchQtUEUafABQeT19PBf0hkCDmA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6723d190-520512ce366b000f7f6d05ce;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 qsFdZ2P3hl21t1QMO3A2TpBkE.webp
framerusercontent.com/images/ 15 KB
15 KB 112ms
111ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/qsFdZ2P3hl21t1QMO3A2TpBkE.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

73ce0021575a72cc4e664e19052d94dcc66cd1b48d4a641146db8cdf05553b9c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "05fb3664c780f2502fa6f0d094adda81"
age: 425604
x-content-type-options: nosniff
x-amzn-requestid: 21b2a07f-2d44-4b32-8301-16073fa7bd57
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yV1tlfwFFDoKjPa37zCGF_wVRhP351ZRtB0PWmf8yLk-vyLqcogDww==
date: Tue, 29 Oct 2024 13:46:39 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="yV1tlfwFFDoKjPa37zCGF_wVRhP351ZRtB0PWmf8yLk-vyLqcogDww==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6720e73e-3a1da3d4430c170a2acd83e4;Parent=4ef9b5fd6f5e0f8e;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 a2V1lZc6ASK8uOxU5yj9R4gifc.webp
framerusercontent.com/images/ 10 KB
11 KB 121ms
120ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/a2V1lZc6ASK8uOxU5yj9R4gifc.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f2f232a78c891e1da92b565c7e268bece33c8dea013f11aab6ca1b378f900de2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "c0eac56d40c3eb138ea68e1647d1b0e4"
age: 1451484
x-content-type-options: nosniff
x-amzn-requestid: e42297d5-e147-4ce4-931a-b0c2e85cd56d
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6-XhuospdxhcVbEsz8ndQE7ZEqBHvzw5Uznq54rLyhzWBhZZX_VLVw==
date: Thu, 17 Oct 2024 16:48:39 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="6-XhuospdxhcVbEsz8ndQE7ZEqBHvzw5Uznq54rLyhzWBhZZX_VLVw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-67113fe5-2d152a5f2e7fbd7a744099a2;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 fOXtYSvzsNlw0tzPVKMsf72n0.png
framerusercontent.com/images/ 24 KB
25 KB 101ms
100ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/fOXtYSvzsNlw0tzPVKMsf72n0.png?scale-down-to=2048

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "a5fd6921c78d186fd22e12abbea6a593"
age: 13219360
x-content-type-options: nosniff
x-amzn-requestid: 9df5ba47-2ec8-4bec-96e9-11a9fef30e48
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: k7UkiDXQWqPvH_MgJRMFYDB8--nje0QkhI8J7cfDNEJtbX4ipYYKBA==
date: Mon, 03 Jun 2024 11:57:23 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="k7UkiDXQWqPvH_MgJRMFYDB8--nje0QkhI8J7cfDNEJtbX4ipYYKBA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: root=1-665dafa2-42d508f768a18ae373bdb131;sampled=1;lineage=f456f256:0
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 1ZFS7N918ojhhd0nQWdj3jz4w.woff2
framerusercontent.com/assets/ 27 KB
28 KB 161ms
100ms Font
font/woff2 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/1ZFS7N918ojhhd0nQWdj3jz4w.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "9a2dbfafd3686aa72cb303a41be28527"
x-amz-version-id: FhKj_VGbf4ha4CqtjcCeHMQzi9fH8cVU
age: 9444306
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: e3iPCvkbRzd-av7QgSHB-buaMXaq-ScefuN-vWl2eluWpAw7q4zczg==
date: Wed, 17 Jul 2024 04:34:58 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:12:44 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="e3iPCvkbRzd-av7QgSHB-buaMXaq-ScefuN-vWl2eluWpAw7q4zczg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=21
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28004
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET
H2 200 Inter-Medium.latin-Y3IVPL46.woff2
app.framerstatic.com/ 19 KB
20 KB 172ms
43ms Font
font/woff2 2600:9000:27c5:9e00:d:6b42:4ec0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.framerstatic.com/Inter-Medium.latin-Y3IVPL46.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:27c5:9e00:d:6b42:4ec0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3600
etag: "f366e7b832c6d0e8a2038665895c0762"
x-amz-version-id: null
age: 7368770
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: VOVitlxPQfjuhwbnChSmla6dpP3tjPEu-WDlgkLr4MDtwYf5-1rijA==
date: Sat, 10 Aug 2024 05:07:14 GMT
content-type: font/woff2
last-modified: Mon, 22 Jul 2024 13:25:17 GMT
x-frame-options: deny
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 6470e4f88846ccba23ac958d39cf56d0.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19904
x-xss-protection: 0
x-amz-cf-pop: IAD61-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 vQyevYAyHtARFwPqUzQGpnDs.woff2
framerusercontent.com/assets/ 27 KB
28 KB 101ms
100ms Font
font/woff2 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "a14a424239fd9cb2e305f2243b1f6177"
x-amz-version-id: SH9la86RvjI0NEj8MqfrPHVtgDnLUhAV
age: 9444306
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: mUMYFpj3bf890wSTK5c4s_ZI0zV3ml417C6otNQdIfu1Sn1ogaxM5w==
date: Wed, 17 Jul 2024 04:34:58 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:12:38 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="mUMYFpj3bf890wSTK5c4s_ZI0zV3ml417C6otNQdIfu1Sn1ogaxM5w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=17
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27404
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET
H2 200 DXD0Q7LSl7HEvDzucnyLnGBHM.woff2
framerusercontent.com/assets/ 27 KB
28 KB 101ms
101ms Font
font/woff2 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/DXD0Q7LSl7HEvDzucnyLnGBHM.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "757ca4a792b8c7bbe09f6e6cee76e727"
x-amz-version-id: bCCG3uSnAgT3MLzz1ZSQU2cVkYB4Lve.
age: 9499617
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9mGyi9TQao5A5tHo3ag9MhBi5S9XcFW75kgYZM4k3oI_vDIav4qB4A==
date: Tue, 16 Jul 2024 13:13:07 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:11:33 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="9mGyi9TQao5A5tHo3ag9MhBi5S9XcFW75kgYZM4k3oI_vDIav4qB4A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=17
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 44dd03c6d93a5b4e66aa5cea227acbb2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27992
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET figure_1_open_directory_page_for_27_124_45_146.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

GET figure_2_triage_analysis_of_na_elf_processes.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

GET figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

POST
H2 200 anonymous
events.framer.com/ 0
380 B 149ms
144ms Ping
application/json 13.226.94.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Requested by: Host: events.framer.com
URL: https://events.framer.com/script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.94.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-94-77.jfk52.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://hunt.io/

Response headers

x-amz-apigw-id: AqzWrFxcIAMEPow=
x-amzn-trace-id: Root=1-672765c3-6c19217900d7721611cfd5ea;Parent=0f2323e92f1aaec0;Sampled=0;Lineage=1:c457ad49:0
x-amzn-requestid: e66db394-e0a9-4fcf-b049-0462626a48f0
via: 1.1 b274a8f17ac92a47c0fa7e31e5599392.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: gYSsKWvNoOpNzagRoLBc3Rrr5qyq8m5FowP9SMTjmTs4D3zCXJCdVg==
date: Sun, 03 Nov 2024 12:00:04 GMT
content-type: application/json
x-amz-cf-pop: JFK52-P10

POST collect
www.google-analytics.com/g/ 0
0

GET
H2 200 psEar9BZHC3V1ST6mGHxVJQfBxc.png
framerusercontent.com/images/ 391 B
1 KB 31ms
30ms Other
image/png 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/images/psEar9BZHC3V1ST6mGHxVJQfBxc.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "939ec6fdc5062f6529950c37ab817812"
age: 13641818
x-content-type-options: nosniff
x-amzn-requestid: b0ac55ce-81d8-4ec5-a63d-b4e0230c1b65
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ymC-VopSuVNrCn0HWVdmjAv7w4DDmXNS6qc7GSU0urVPdwk8zvth6A==
date: Wed, 29 May 2024 14:36:26 GMT
content-type: image/png
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="ymC-VopSuVNrCn0HWVdmjAv7w4DDmXNS6qc7GSU0urVPdwk8zvth6A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: root=1-66573d6a-4e285cd21e7c73b36b481c52;sampled=1;lineage=f456f256:0
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 206 wvsIsx8BB-indexes-default.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 3 KB
3 KB 33ms
32ms Fetch
application/octet-stream 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-indexes-default.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4ecd5171ae810896dd40dfd738d92f181848fa8427cd9565d25ee43a3d3846ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=6093-8904
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="i_cZSu5DK_cppzSaC8-c52nP4OtGLNA8pyGNsk_vUw7NixgPnhAsSA==",cdn-downstream-fbl=3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: application/octet-stream
x-amz-cf-id: i_cZSu5DK_cppzSaC8-c52nP4OtGLNA8pyGNsk_vUw7NixgPnhAsSA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 6093-8904/232540
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 2812
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 4 KB
4 KB 48ms
47ms Fetch
application/octet-stream 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

331f50b7e4df146a86dda6d2119a6a1bffe5ab767091b6578fac1b7913fa55b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=749-4499
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="AszeEcyCQDXcK7tToZrnVicVMr6SwYzEopT3WLylTmqkKBB2LAPUiQ==",cdn-downstream-fbl=3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: application/octet-stream
x-amz-cf-id: AszeEcyCQDXcK7tToZrnVicVMr6SwYzEopT3WLylTmqkKBB2LAPUiQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 749-4499/207193
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 3751
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 200 wvsIsx8BB-chunk-default-dict.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 31 KB
32 KB 46ms
46ms Fetch
application/octet-stream 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-chunk-default-dict.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

22f9ad6228134f1117c100471f4de61a94807acbaae93073ff8184a75de4dbf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="UM1jov0lbH7CQDiXLBMRuY9LUIYrvif-IcQky8gp87WkwZjC3CjqEA==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: application/octet-stream
x-amz-cf-id: UM1jov0lbH7CQDiXLBMRuY9LUIYrvif-IcQky8gp87WkwZjC3CjqEA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 32000
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET Sun.js@0.0.53
framer.com/m/phosphor-icons/ 0
0

GET Moon.js@0.0.53
framer.com/m/phosphor-icons/ 0
0

GET figure_1_open_directory_page_for_27_124_45_146.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

GET figure_2_triage_analysis_of_na_elf_processes.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

GET figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
app.hunt.io/images/blogs/rekoobe-backdoor/ 0
0

GET
H3 206 wvsIsx8BB-indexes-default.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 536 B
1 KB 33ms
32ms Fetch
application/octet-stream 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-indexes-default.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

25fb4a13898f6992c6c93e13c888ef98f71a7e319e8192a87d0fa8b694c3d255

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=12085-12620
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Rf2jrrPsmAu1JpVFuhxx0_0zcCRc4QTs1ML4Ts2UyXZamWrMi0euEw==",cdn-downstream-fbl=3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: application/octet-stream
x-amz-cf-id: Rf2jrrPsmAu1JpVFuhxx0_0zcCRc4QTs1ML4Ts2UyXZamWrMi0euEw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 12085-12620/232540
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 536
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 122 B
653 B 32ms
31ms Fetch
application/octet-stream 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c90a211515576b6e8f5722d1803a448dbf6a25002462fd0a054250a78831caf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=4-125
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="1NVZo6_oGVKnog_TzKXLIM5WRlq8ib3cDHIyPqgPilMWfI_eI4EuGg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: application/octet-stream
x-amz-cf-id: 1NVZo6_oGVKnog_TzKXLIM5WRlq8ib3cDHIyPqgPilMWfI_eI4EuGg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 4-125/207193
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 122
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 4 KB
5 KB 32ms
32ms Fetch
multipart/byteranges 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7HYMZOAC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

8931cd323c76b30270a99b32b56a92ba00509df548a34266046a5cc406fb9eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=126-748,4500-8019
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 234528
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="_m1Eb-5OT46dlgDc50oXsQsP819FYaJtTubvW-vHd0OIcbco50JCgQ==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 18:51:16 GMT
content-type: multipart/byteranges; boundary=CloudFront:56697BE874AA79AFB505B6C1FB96F769
x-amz-cf-id: _m1Eb-5OT46dlgDc50oXsQsP819FYaJtTubvW-vHd0OIcbco50JCgQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 4452
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

OPTIONS
H3 200 wvsIsx8BB-chunk-default-0.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/ 0
0 38ms
37ms Preflight 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/RJOAKfZzQVS48xxFIaaT/wvsIsx8BB-chunk-default-0.framercms

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: range
Access-Control-Request-Method: GET
Origin: https://hunt.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Range
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range
access-control-max-age: 600
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sun, 03 Nov 2024 12:00:04 GMT
referrer-policy: strict-origin-when-cross-origin
server-timing: cdn-upstream-layer;desc="REC",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=2,cdn-cache-miss,cdn-pop;desc="IAD55-P3",cdn-rid;desc="L0zQYVpgtgnyzz0KnV9VY0iEbBKu5HJMbzBupJp8akbtdAJoKkpXSg==",cdn-downstream-fbl=8
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
x-amz-cf-id: L0zQYVpgtgnyzz0KnV9VY0iEbBKu5HJMbzBupJp8akbtdAJoKkpXSg==
x-amz-cf-pop: IAD55-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 0

GET
H2 200 qsFdZ2P3hl21t1QMO3A2TpBkE.webp
framerusercontent.com/images/ 15 KB
0 0ms
0ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/qsFdZ2P3hl21t1QMO3A2TpBkE.webp?scale-down-to=512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

73ce0021575a72cc4e664e19052d94dcc66cd1b48d4a641146db8cdf05553b9c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "05fb3664c780f2502fa6f0d094adda81"
age: 425604
x-content-type-options: nosniff
x-amzn-requestid: 21b2a07f-2d44-4b32-8301-16073fa7bd57
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yV1tlfwFFDoKjPa37zCGF_wVRhP351ZRtB0PWmf8yLk-vyLqcogDww==
date: Tue, 29 Oct 2024 13:46:39 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="yV1tlfwFFDoKjPa37zCGF_wVRhP351ZRtB0PWmf8yLk-vyLqcogDww==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6720e73e-3a1da3d4430c170a2acd83e4;Parent=4ef9b5fd6f5e0f8e;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/ 12 KB
13 KB 63ms
63ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp?scale-down-to=512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

52d3d229833e7e09e5c6fdb3aaf2567bf1c4f3d392516321d82d3044ef5e18fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "7c16933b0adf74db37d6f053cd283bd6"
age: 1110859
x-content-type-options: nosniff
x-amzn-requestid: f10ded2c-7b03-44da-aab2-631e6d5edaa0
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9b8E8GaH33tXpg7_0r5siCdY6KojZuP3pE4SdZ3Ur8cFQuAuLHBAXw==
date: Mon, 21 Oct 2024 15:25:45 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="9b8E8GaH33tXpg7_0r5siCdY6KojZuP3pE4SdZ3Ur8cFQuAuLHBAXw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-67167278-578ad50866bbd1ed0659d3d0;Parent=67a2e11af2b96694;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/ 12 KB
0 57ms
57ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp?scale-down-to=512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

52d3d229833e7e09e5c6fdb3aaf2567bf1c4f3d392516321d82d3044ef5e18fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "7c16933b0adf74db37d6f053cd283bd6"
age: 1110859
x-content-type-options: nosniff
x-amzn-requestid: f10ded2c-7b03-44da-aab2-631e6d5edaa0
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9b8E8GaH33tXpg7_0r5siCdY6KojZuP3pE4SdZ3Ur8cFQuAuLHBAXw==
date: Mon, 21 Oct 2024 15:25:45 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="9b8E8GaH33tXpg7_0r5siCdY6KojZuP3pE4SdZ3Ur8cFQuAuLHBAXw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-67167278-578ad50866bbd1ed0659d3d0;Parent=67a2e11af2b96694;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 a2V1lZc6ASK8uOxU5yj9R4gifc.webp
framerusercontent.com/images/ 10 KB
0 0ms
0ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/a2V1lZc6ASK8uOxU5yj9R4gifc.webp?scale-down-to=512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f2f232a78c891e1da92b565c7e268bece33c8dea013f11aab6ca1b378f900de2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "c0eac56d40c3eb138ea68e1647d1b0e4"
age: 1451484
x-content-type-options: nosniff
x-amzn-requestid: e42297d5-e147-4ce4-931a-b0c2e85cd56d
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6-XhuospdxhcVbEsz8ndQE7ZEqBHvzw5Uznq54rLyhzWBhZZX_VLVw==
date: Thu, 17 Oct 2024 16:48:39 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="6-XhuospdxhcVbEsz8ndQE7ZEqBHvzw5Uznq54rLyhzWBhZZX_VLVw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-67113fe5-2d152a5f2e7fbd7a744099a2;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 YkL2yRkjKINERfGS0gcXlLDhfY.webp
framerusercontent.com/images/ 45 KB
46 KB 51ms
51ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/YkL2yRkjKINERfGS0gcXlLDhfY.webp

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RG66I2KX.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

3c44ead2fcd033d790bec168fe46d38a5fba50e55e9b3408a04898158d271920

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "f52f58117f9082c6ffc3f4f74d079bf1"
age: 234538
x-content-type-options: nosniff
x-amzn-requestid: 36fc1209-2bac-44c2-87a6-d951e08c4b55
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: FebxUkXbrKpIZ6uimbB32A5z6iqbo365gYJpFtSCZAQ88w0XGFMGUw==
date: Thu, 31 Oct 2024 18:51:06 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="FebxUkXbrKpIZ6uimbB32A5z6iqbo365gYJpFtSCZAQ88w0XGFMGUw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6723d198-4725f827462cdb260263f4f0;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H2 200 51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/ 48 KB
0 0ms
0ms Image
image/avif 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RG66I2KX.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

466a4109aad7eac1b54590cea83d046585b5301c11a41ea83849b4068a43346c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "08ac86caa816275882986d454a93c188"
age: 1110437
x-content-type-options: nosniff
x-amzn-requestid: df36b023-b3a1-4315-8296-29e5d17271f1
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: AEVFSDOTieKPYym55OcD3Igjb5bcwAJEkmkMMo8xt1Z7IyIwq_FfOg==
date: Mon, 21 Oct 2024 15:32:46 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-rid;desc="AEVFSDOTieKPYym55OcD3Igjb5bcwAJEkmkMMo8xt1Z7IyIwq_FfOg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6716741c-637a655e7a87e2682aeaec7b;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3

GET
H3 200 Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.3Q4PE7RW.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 97 KB
13 KB 34ms
32ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.3Q4PE7RW.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

417194d9731698243387aea05ecbec291cbe7fe87d59cf35f41cabf0065d55e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"eaa926b355e915c8fffa0d8498c3cf3c"
x-amz-version-id: B943EyODBAaOjFjae7xA7Zs98umS_XqR
age: 232415
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="pu_OQB9v_w5aQZrRQ8zUsCI9NImbO5V9u-HshpRpejiCUuBH6zgUng==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:26:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: pu_OQB9v_w5aQZrRQ8zUsCI9NImbO5V9u-HshpRpejiCUuBH6zgUng==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.RJ5EJWKE.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 40 KB
7 KB 35ms
34ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.RJ5EJWKE.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

b46dc7aa28fb8834aa5c54e21810b33c17f6854f81e18ecce49cab74ab695cb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"85aeb474ff1163a0618f802e1648d647"
x-amz-version-id: XUASb5hCGt4hPmjGOHfy8qgZYlXR05_8
age: 232415
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="1WBW3ldRf7AGYeLdrcbbtxc9qbg3SC147u_1i5XMkeDkeTMkDF7Vvw==",cdn-downstream-fbl=4
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:26:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: 1WBW3ldRf7AGYeLdrcbbtxc9qbg3SC147u_1i5XMkeDkeTMkDF7Vvw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.ZIS2LM2I.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 45 KB
8 KB 32ms
31ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.ZIS2LM2I.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

bacf239a9d812f6bd5fc3f6e344a5a37e9d12eb37752aed3957163c4f3f27830

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"edd3fd3dcd4de25ba4ec02941b3f2855"
x-amz-version-id: mTJHYq6QEPfJMbLD1bMaIuPBHCK2bVBT
age: 232415
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="IH_8CC6SMIk9WLDnfzSQSCFfckJENG4QOgLzrM_X9wYhDn7bvwUChw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:26:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: IH_8CC6SMIk9WLDnfzSQSCFfckJENG4QOgLzrM_X9wYhDn7bvwUChw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.JF3S6MKW.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 74 KB
11 KB 31ms
30ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.JF3S6MKW.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

50c09119c069e3b06c472bd6e1df26aedb9b96e7640551f6a7ca74ee7751425c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"cc37c57e70b2fb2f9a6da1dc6c771b94"
x-amz-version-id: .8rU4lbfhoToqDL9VN7kZawktW46DpN0
age: 232415
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="3KdH4iPLKa3jplM9twiG-6HdLOAN5F4r1e1w2Imna9IBDn9h6h7w8w==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:26:31 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:19 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: 3KdH4iPLKa3jplM9twiG-6HdLOAN5F4r1e1w2Imna9IBDn9h6h7w8w==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.F3HR2LBN.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 87 KB
12 KB 34ms
33ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.F3HR2LBN.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

700a4e32e0942c5d4693a3b5b690fac06a39c95682f239990ae6a2ad875d1619

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.D4IFXGMQ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"5f0a1eb1715ff7adf97c5841981747ce"
x-amz-version-id: CtMr5_kw7ePDGJk1idMApUXnuxTnZXCU
age: 233136
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="yLGdBf1UO-Q1sYmyJzIc6sPqSrkJ_zkZPsRTvydC7I7a-QS2bkg_3w==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:17 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: yLGdBf1UO-Q1sYmyJzIc6sPqSrkJ_zkZPsRTvydC7I7a-QS2bkg_3w==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-T5EFLHWR.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 996 B
2 KB 31ms
31ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-T5EFLHWR.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

b8d271456844cdc4afcb7f243e38180242a9c4f66aadc2b09cafc0fa008f9e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.ZIS2LM2I.mjs

Response headers

access-control-max-age: 0
etag: "3a1dc2e88c88fcf981796246d967d8a5"
x-amz-version-id: SInShvgOzJE8848CB41CRoAlxQKaTOSJ
age: 3195140
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="A0IfbY-Wtpu--k2jnUhkqdxqAj1iiu4KL48hxdrriy-fTXusItf5Qw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Fri, 27 Sep 2024 12:27:46 GMT
content-type: text/javascript
last-modified: Thu, 26 Sep 2024 02:28:30 GMT
vary: Origin
x-amz-cf-id: A0IfbY-Wtpu--k2jnUhkqdxqAj1iiu4KL48hxdrriy-fTXusItf5Qw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 996
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-6UFG4TWW.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 1000 B
1 KB 31ms
31ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-6UFG4TWW.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

219b4e34e707365a8236438d5af4504120f284b523d95eb63c05bba3f0aa4b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.RJ5EJWKE.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"0396206f2839e31813dd35bf14a510a4"
x-amz-version-id: PYPOo3WII3JWmEx6N7bWyIeLCfRCS5C6
age: 9837398
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="p-UBx-KmmHDHKqg7Le2GGFFK_p5QoBl3_7lGCdly_-_Z7T1I29phtQ==",cdn-downstream-fbl=3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Fri, 12 Jul 2024 15:23:28 GMT
content-type: text/javascript
last-modified: Fri, 12 Jul 2024 15:08:08 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: p-UBx-KmmHDHKqg7Le2GGFFK_p5QoBl3_7lGCdly_-_Z7T1I29phtQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-3OHOHP5K.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 1 KB
1 KB 30ms
30ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-3OHOHP5K.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

85423271cadc50e7a8873249d3ece6c62b3180112ac657e66347ce4241d31dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.3Q4PE7RW.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"0d3db3f4c9f52ed4383abbcc60719616"
x-amz-version-id: RGc_Ws_DDVt19gqO4V500uKpAg8wxHba
age: 405251
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="pFpC7sXoaDUuFn0cCu9O8njIHG1vdEjUQIbOw_TItsIlukLICCrubg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 19:25:55 GMT
content-type: text/javascript
last-modified: Tue, 29 Oct 2024 18:16:43 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: pFpC7sXoaDUuFn0cCu9O8njIHG1vdEjUQIbOw_TItsIlukLICCrubg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-2GYV7IVM.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 933 B
2 KB 30ms
30ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2GYV7IVM.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.JF3S6MKW.mjs

Response headers

access-control-max-age: 0
etag: "24298ba8391c7d23a5170e0e38318a28"
x-amz-version-id: lO6.H.AlRhyaRql.F28VZ2HKotHf5M8p
age: 929249
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="uIRLx0h1KfYhITxNu3quv913Rb3uyQriPD35Xiq8arvw4tORuhhH6g==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Wed, 23 Oct 2024 17:52:37 GMT
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 16:32:05 GMT
vary: Origin
x-amz-cf-id: uIRLx0h1KfYhITxNu3quv913Rb3uyQriPD35Xiq8arvw4tORuhhH6g==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 933
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-2MP2Z6KV.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 993 B
2 KB 31ms
30ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2MP2Z6KV.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.F3HR2LBN.mjs

Response headers

access-control-max-age: 0
etag: "a0270dad90dd051af03ad27f756ce88b"
x-amz-version-id: Xa6i0f68HFqGuYAYsjcBEL8VNbvS_6X7
age: 843111
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="3Maxq6F3H10lUoyqbRX7shJY01Sx2ngxAF-LzNGlQucahoh2IQzbMg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 17:48:15 GMT
content-type: text/javascript
last-modified: Thu, 24 Oct 2024 17:21:26 GMT
vary: Origin
x-amz-cf-id: 3Maxq6F3H10lUoyqbRX7shJY01Sx2ngxAF-LzNGlQucahoh2IQzbMg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 993
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-ZWPKCQCT.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 16 KB
4 KB 31ms
31ms Script
text/javascript 2600:9000:24f4:c800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-ZWPKCQCT.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:9000:24f4:c800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

bd70f52246cf62c4d36263b2de3bfc7b3c4b951921ecd6d2dba88fec7f6b9366

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.F3HR2LBN.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"7d942011d1d364b620f03082130f53e8"
x-amz-version-id: MrkdFRwmNuxNik4uHW6ugqpHN.Z5N4wo
age: 233136
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="IAD55-P3",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Ho8S8ilSe2jts1y4vsUZof04IZiGBEl4Z12WffjBrfbHQFZbbbEX2w==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Oct 2024 19:14:30 GMT
content-type: text/javascript
last-modified: Thu, 31 Oct 2024 18:51:18 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: Ho8S8ilSe2jts1y4vsUZof04IZiGBEl4Z12WffjBrfbHQFZbbbEX2w==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 0c482288431692a08571c47359ca2c80.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: IAD55-P3
server: CloudFront
x-amz-server-side-encryption: AES256

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CKJY21YJ7N&gtm=45je4au0v9166211784za200&_p=1730635203709&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=1173708217.1730635204&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730635203&sct=1&seg=0&dl=https%3A%2F%2Fhunt.io%2Fblog%2Frekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users&dt=Rekoobe%20Backdoor%20Discovered%20in%20Open%20Directory%2C%20Possibly%20Targeting%20TradingView%20Users&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=874

Domain: framer.com
URL: https://framer.com/m/phosphor-icons/Sun.js@0.0.53

Domain: framer.com
URL: https://framer.com/m/phosphor-icons/Moon.js@0.0.53

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp

Domain: app.hunt.io
URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hunt.io/	1970-01-21 10:19:55	Name: _ga_CKJY21YJ7N Value: GS1.1.1730635203.1.0.1730635203.0.0.0
			.hunt.io/	1970-01-21 10:19:55	Name: _ga Value: GA1.1.1173708217.1730635204

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CKJY21YJ7N&gtm=45je4au0v9166211784za200&_p=1730635203709&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=1173708217.1730635204&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730635203&sct=1&seg=0&dl=https%3A%2F%2Fhunt.io%2Fblog%2Frekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users&dt=Rekoobe%20Backdoor%20Discovered%20in%20Open%20Directory%2C%20Possibly%20Targeting%20TradingView%20Users&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=874 Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://framer.com/m/phosphor-icons/Moon.js@0.0.53 Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://framer.com/m/phosphor-icons/Sun.js@0.0.53 Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp Message: Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.framerstatic.com
app.hunt.io
events.framer.com
framer.com
framerusercontent.com
hunt.io
www.google-analytics.com
www.googletagmanager.com
app.hunt.io
framer.com
www.google-analytics.com
13.226.94.77
2600:9000:24f4:c800:d:ada1:a280:93a1
2600:9000:27c5:9e00:d:6b42:4ec0:93a1
2607:f8b0:400d:c04::61
35.71.142.77
0c8f7a09fde5ea166851f8db6ab7ced6a8a5d38d2c372b31601e9480ddc1f08c
0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b
1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859
1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3
195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f
20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a
219b4e34e707365a8236438d5af4504120f284b523d95eb63c05bba3f0aa4b0b
22f9ad6228134f1117c100471f4de61a94807acbaae93073ff8184a75de4dbf8
25fb4a13898f6992c6c93e13c888ef98f71a7e319e8192a87d0fa8b694c3d255
2d18875b92a500199a2d18dfa37ac950f5e26b756fa064931b4bc937835e52e3
2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f
331f50b7e4df146a86dda6d2119a6a1bffe5ab767091b6578fac1b7913fa55b0
3c44ead2fcd033d790bec168fe46d38a5fba50e55e9b3408a04898158d271920
40465f0c69a61ab4bf5e6342d357915b08d34bbfca7cef1301b02141e33228e1
4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b
417194d9731698243387aea05ecbec291cbe7fe87d59cf35f41cabf0065d55e5
466a4109aad7eac1b54590cea83d046585b5301c11a41ea83849b4068a43346c
4a87684a7eaf6a1267acccf116bf950f0ecfe117a381262279793546dd34b1fd
4ecd5171ae810896dd40dfd738d92f181848fa8427cd9565d25ee43a3d3846ad
50c09119c069e3b06c472bd6e1df26aedb9b96e7640551f6a7ca74ee7751425c
52d3d229833e7e09e5c6fdb3aaf2567bf1c4f3d392516321d82d3044ef5e18fc
550a12a417b7883808ec6b46613d9facb78a41a1b9b54178015fb3524522f298
63d93f8892cd70a779771119dfac565d98329a7c6b468d30d42de5eb03e582b3
664a53dc4967e208e3de51547b044aedbde20b46b5456e1c89ef7683650b42ae
6e4594993d1de38c4a66dd1afb5f3343d6f08cbc382f925fa456dad68542d3bc
700a4e32e0942c5d4693a3b5b690fac06a39c95682f239990ae6a2ad875d1619
73ce0021575a72cc4e664e19052d94dcc66cd1b48d4a641146db8cdf05553b9c
7b96eeae71395c3038c0858e611d355f0184e036b30246ed3771197f9d777fdb
7cd698d05ce984570bd257019cd83a3bc8e80fe24a59438e62fce5a79fe68f46
85423271cadc50e7a8873249d3ece6c62b3180112ac657e66347ce4241d31dc9
8931cd323c76b30270a99b32b56a92ba00509df548a34266046a5cc406fb9eb0
89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4
9ba3d9cd08e0e2e982305b3cf1351b793cff4d4c3a721939ab1aba9bfbecec1f
a66e68102648c668e7cbb3a58d2efa1ae735cb6770d0adac32dcc5459615f9fb
a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891
b4067ec53c32cabf91cf78f3b56e26d2aa0ecbf15657bd64f260c123ab4bc0d6
b46dc7aa28fb8834aa5c54e21810b33c17f6854f81e18ecce49cab74ab695cb6
b8d271456844cdc4afcb7f243e38180242a9c4f66aadc2b09cafc0fa008f9e5b
bacf239a9d812f6bd5fc3f6e344a5a37e9d12eb37752aed3957163c4f3f27830
bd70f52246cf62c4d36263b2de3bfc7b3c4b951921ecd6d2dba88fec7f6b9366
be452a69733e49f9261fd48e1b2649e9d0fd02310623c9025f47c6d9f5b249f9
c05f01828760b7f62c56f54e661db6fbbacb8119d4e3a7fdb19adc5bbb30d197
c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf
c90a211515576b6e8f5722d1803a448dbf6a25002462fd0a054250a78831caf4
cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685
e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e887f6e218b491f1a56b9b0decdb900a08499f2a13d060447e00e4a11e56b3
f2f232a78c891e1da92b565c7e268bece33c8dea013f11aab6ca1b378f900de2
f6967adc447cc47bd8bd52ae0cd9a67b5b3c76a741d3ef4345299b7387ab3903

hunt.io Open in urlscan Pro 35.71.142.77 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

86 %HTTPS

60 %IPv6

6 Domains

8 Subdomains

6 IPs

1 Countries

1428 kBTransfer

5264 kBSize

2 Cookies

14 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

hunt.io Open in urlscan Pro
35.71.142.77 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

86 %
HTTPS

60 %
IPv6

6
Domains

8
Subdomains

6
IPs

1
Countries

1428 kB
Transfer

5264 kB
Size

2
Cookies

63 HTTP transactions
1 data transactions