URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Submission: On October 29 via api from IN — Scanned from DE

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 66 HTTP transactions. The main IP is 52.223.52.2, located in United States and belongs to AMAZON-02, US. The main domain is hunt.io.
TLS certificate: Issued by WR1 on October 2nd 2024. Valid for: 3 months.
This is the only time hunt.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
54 framerusercontent.com | framerusercontent.com (Cisco Umbrella Rank: 26990) | 2 MB
7 hunt.io | hunt.io, app.hunt.io | 389 KB
4 framer.com | events.framer.com (Cisco Umbrella Rank: 37544), framer.com (Cisco Umbrella Rank: 35418) | 8 KB
1 google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 3643) |
1 framerstatic.com | app.framerstatic.com (Cisco Umbrella Rank: 182747) | 20 KB
1 googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 107 KB
Total: 66 requests, 6 apex domains
Requests | Domain | Requested by
54 | framerusercontent.com | hunt.io, framerusercontent.com
6 | app.hunt.io | hunt.io
2 | framer.com | 2 redirects
2 | events.framer.com | hunt.io, events.framer.com
1 | region1.google-analytics.com | www.googletagmanager.com
1 | app.framerstatic.com | hunt.io
1 | www.googletagmanager.com | hunt.io
1 | hunt.io |
Total: 66 requests, 8 subdomains

This site contains links to these domains.

Domain
app.hunt.io
github.com
asec.ahnlab.com
www.trendmicro.com
tria.ge
web.archive.org
x.com
www.linkedin.com
Subject | Issuer | Validity | Valid
hunt.io | WR1 | 2024-10-02 to 2024-12-31 | 3 months
*.google-analytics.com | WR2 | 2024-10-07 to 2024-12-30 | 3 months
framerusercontent.com | Amazon RSA 2048 M02 | 2023-12-18 to 2025-01-14 | a year
events.framer.com | Amazon RSA 2048 M03 | 2024-04-09 to 2025-05-07 | a year
framerstatic.com | Amazon RSA 2048 M02 | 2024-09-22 to 2025-10-20 | a year

This page contains 1 frames:

Primary Page: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Frame ID: C776807D4E1D15C2B6DDA2CDA75AAF2F
Requests: 67 HTTP requests in this frame

Page Title

Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 66
HTTPS: 97 %
IPv6: 67 %
Domains: 6
Subdomains: 8
IPs: 9
Countries: 2
Transfer: 2185 kB
Size: 6381 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42
  • https://framer.com/m/phosphor-icons/Sun.js@0.0.53 HTTP 302
  • https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js
Request Chain 43
  • https://framer.com/m/phosphor-icons/Moon.js@0.0.53 HTTP 302
  • https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js

66 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: Primary Request rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users | Path: hunt.io/blog/ | Size: 552 KB | x-fer: 44 KB | Type: Document
General
Full URL
https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.223.52.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0b1d980e1f2226c6.awsglobalaccelerator.com
Software
Framer/4d5d6b1 /
Resource Hash
9aa6f7adc37d9d1e0e2af9d7dd66aa5fe4b4748853d7643cb2b349860bc95581
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-length
44857
content-type
text/html
date
Tue, 29 Oct 2024 09:14:07 GMT
etag
"ea207d026c5c43141221b55318b8e37c"
last-modified
Fri, 25 Oct 2024 05:03:51 GMT
link
<https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin=""
server
Framer/4d5d6b1
server-timing
region;desc="eu-west-1", cache;desc="cached", ssg-status;desc="optimized", version;desc="4d5d6b1"
strict-transport-security
max-age=31536000
vary
Accept-Encoding
Resource: js | Path: www.googletagmanager.com/gtag/ | Size: 321 KB | x-fer: 107 KB | Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4c2ea0d625646ecd2897ebcda79b753b0e34a99dfc8384af8ee391ba2eb06016
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 29 Oct 2024 09:14:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 29 Oct 2024 09:14:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109064
x-xss-protection
0
server
Google Tag Manager
Resource: chunk-VI3F2EC2.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 655 KB | x-fer: 200 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-VI3F2EC2.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
381ce5e1b3e937f47c2f11c274952bcc3a0fa7b9d8364cae1558a0fa8f64379e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"7b434d1cda9aeb06ea9af666b3277d98"
x-amz-version-id
gyAaVl1fUb88BehAMoBZVdWm4DhO2caf
age
370373
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
09dqt51GJiQIKUFULOROSfjZB87LBznSI98MsowMYFtMFPOxPKlk7A==
date
Fri, 25 Oct 2024 02:21:16 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="09dqt51GJiQIKUFULOROSfjZB87LBznSI98MsowMYFtMFPOxPKlk7A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-RIUMFBNJ.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 447 B | x-fer: 1 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RIUMFBNJ.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
etag
"30ed32fa3444df726bb60d89113cf478"
x-amz-version-id
vYavs6UabxhB5PKPh4VT.q026xitGK6K
age
3677410
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
OemR_uXb_rvJQAs2-0sepT8dxX66eEr902UvtkMfJpU1UqueLJZQjQ==
date
Mon, 16 Sep 2024 19:43:59 GMT
content-type
text/javascript
last-modified
Mon, 16 Sep 2024 15:39:52 GMT
vary
Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="OemR_uXb_rvJQAs2-0sepT8dxX66eEr902UvtkMfJpU1UqueLJZQjQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
447
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: l9nSpkhg8V0TXKorvXDmH1xZe_Xmj3czreGnouDmJz8.IXNRCXHQ.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 374 KB | x-fer: 50 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/l9nSpkhg8V0TXKorvXDmH1xZe_Xmj3czreGnouDmJz8.IXNRCXHQ.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
417d16213a9a9a0562f54e67b239394276c6d7b63c7c65940ef738bc8fdbbef6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"ccc9851ad7a78b7ff526b90144481960"
x-amz-version-id
LQK4wGqjSEcAlJzZrtjY5PzlIl3vB_tr
age
359199
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
1g4bziJDhJkA54XKFRzF4UADvBqxFK3EQdqERfKKT_uVl11iot2xHw==
date
Fri, 25 Oct 2024 05:27:30 GMT
content-type
text/javascript
last-modified
Fri, 25 Oct 2024 05:03:41 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="1g4bziJDhJkA54XKFRzF4UADvBqxFK3EQdqERfKKT_uVl11iot2xHw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-EQNSQBSN.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 269 KB | x-fer: 66 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-EQNSQBSN.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c4e1356e693c43d043b2e8ab773ffb164dbd281139af0777cbfe92505eb3b44e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"ae85b78030997f7b7a899b43dfc1189d"
x-amz-version-id
OTdyZkXB66_YQ4vSSdTa4Om.1XtADLha
age
359198
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
lnilzyCitStmvWqlfxZ8IqThyMsWlX-i8_u5fn1k788PC90qwvJk6Q==
date
Fri, 25 Oct 2024 05:27:31 GMT
content-type
text/javascript
last-modified
Fri, 25 Oct 2024 05:03:41 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="lnilzyCitStmvWqlfxZ8IqThyMsWlX-i8_u5fn1k788PC90qwvJk6Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-IQJXJS56.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 2 MB | x-fer: 462 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-IQJXJS56.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"31dd62f5e78dc021748cb2e226a1a631"
x-amz-version-id
ha0.ZQo2WOP80YQTROckWsD0vmO7dcYH
age
1003984
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
CjwG_EDW1AIRh52O4jzHUK7fW20464e0YSHhaezCmnhLPPLrrKKi_Q==
date
Thu, 17 Oct 2024 18:21:05 GMT
content-type
text/javascript
last-modified
Thu, 17 Oct 2024 17:21:59 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CjwG_EDW1AIRh52O4jzHUK7fW20464e0YSHhaezCmnhLPPLrrKKi_Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-7UJN3YMD.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 383 KB | x-fer: 73 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7UJN3YMD.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
caafc1df3230f7c7ce3f1ab4c46c9d6c5d7be7c5c0b88f38d45c916287297d84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"ec25aa8f73162d8b59d7044580204ed1"
x-amz-version-id
hevaUPPcbGDNIjU3nRdh23Z6GUw_d7ZF
age
370371
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
wKas-8mt6Gj_MhhFIIT7QOxTEShXc2ped5vPB8Rxnlcwk262mUia5w==
date
Fri, 25 Oct 2024 02:21:18 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="wKas-8mt6Gj_MhhFIIT7QOxTEShXc2ped5vPB8Rxnlcwk262mUia5w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-MTEMCWZP.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 55 KB | x-fer: 18 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f0f6acfde0d7802d550168ed547286f5af441b5af3def6160ecca4a0a950f2c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"212cff6870b371f325431fa62ea93031"
x-amz-version-id
_l1rfLnCP3YL_kqe70ijZMPP5IrAIEcS
age
370371
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
jdJpechkIud5dq5JYKPpHL1WK2bJvhXCv24EsFdDu-GTPsvgtOuqWw==
date
Fri, 25 Oct 2024 02:21:18 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="jdJpechkIud5dq5JYKPpHL1WK2bJvhXCv24EsFdDu-GTPsvgtOuqWw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-NAXYCJ2J.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 22 KB | x-fer: 5 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-NAXYCJ2J.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
18dc89dc56432e7c530b0a7a0982f8d518a9e0f071823526c6c8828e7a8da9d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"57943623bdf60fbc25cde8491df8baeb"
x-amz-version-id
FbxpTbik4BH.5k60y8ZlGfO4AWv6ALNB
age
370332
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
UqGyCZ9D56S9QTqKkVyx92x-QokIjpI_wrZ0p71INI56AgI2khDcYA==
date
Fri, 25 Oct 2024 02:21:57 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="UqGyCZ9D56S9QTqKkVyx92x-QokIjpI_wrZ0p71INI56AgI2khDcYA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-NVR7G2YK.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 145 KB | x-fer: 23 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-NVR7G2YK.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
fa15c68ceae0701c3f437c821d5675f6d2f5564647ba8273acb43006fd7738fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"a330ee5e7a4e2ca1654dc5681174eab3"
x-amz-version-id
Si9GOi8QxVnv_qlTRZ28yVwrk.XZves8
age
370331
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
rMO0Q0QL4UGI2Gt1LaCXbl_X7ebhkfYuCxTWfmNs7-DVmNyMvfXrgw==
date
Fri, 25 Oct 2024 02:21:58 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="rMO0Q0QL4UGI2Gt1LaCXbl_X7ebhkfYuCxTWfmNs7-DVmNyMvfXrgw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-BR6QBCBW.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 781 B | x-fer: 2 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-BR6QBCBW.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
562d8025f722e7946a766890828d52f01a9d941cecc6922a7a1d85626ca022a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
etag
"9b35dd85a3b5899d481ec4bb86a0049b"
x-amz-version-id
TziVWJ6OSvVxonBLWtM5u.rnyL95iV.q
age
370371
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
lNrKNQ6jF3WCTjYtdRvcn2UVaKmd5AqqssiJcErXrtws4rmctI84tg==
date
Fri, 25 Oct 2024 02:21:18 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="lNrKNQ6jF3WCTjYtdRvcn2UVaKmd5AqqssiJcErXrtws4rmctI84tg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
781
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-HMBKG6Q7.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 3 KB | x-fer: 2 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-HMBKG6Q7.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3cc0a6497d22d728d2f685f704d69d798858b1179060ba36d397176b9ebe3fcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"54ed821bd0021ae31c3f4b1728b0aaa2"
x-amz-version-id
yn1QY1TrrkLkdhqXdn_jrU8cVi8f7ohF
age
359198
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
zY8D6XaWFaswYXt0soRewDmk8QLe1hXo_capt6vrGSqhDdNovyxJ8A==
date
Fri, 25 Oct 2024 05:27:31 GMT
content-type
text/javascript
last-modified
Fri, 25 Oct 2024 05:03:41 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="zY8D6XaWFaswYXt0soRewDmk8QLe1hXo_capt6vrGSqhDdNovyxJ8A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-U7P4YC3L.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 9 KB | x-fer: 2 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-U7P4YC3L.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b577d3ea1e90f95286806fcdf3bc1d9ca04489602ffcefc9aa5d6e81659b1647
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"e0a76b9c4adf7425c5da96701aa0140a"
x-amz-version-id
nWNE1LUvoQGHCC9m3RK77WAeG5gu0Jb_
age
370331
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
1PwNwEewguEWq5Fm3qjCLCKalygLKtki4Y_f0Z-HUnvEHcAwFzwmiA==
date
Fri, 25 Oct 2024 02:21:58 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="1PwNwEewguEWq5Fm3qjCLCKalygLKtki4Y_f0Z-HUnvEHcAwFzwmiA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
Resource: chunk-DA5PQTXD.mjs | Path: framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ | Size: 20 KB | x-fer: 6 KB | Type: Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-DA5PQTXD.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4553f59231acbd55eee344c86a06ae8cf57cccaf0f6d32d994690b1aa4c9360e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"636f8053634f7b8d11cffe094419b154"
x-amz-version-id
P.PBKsHOcuKQqBAsM2gxr4bjfrUZrU.k
age
370332
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
SkkTmk5ZiqqwcrllIXqJKbpmRcsk9RjjswUiV2u973CeU5GVEV3ImA==
date
Fri, 25 Oct 2024 02:21:57 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="SkkTmk5ZiqqwcrllIXqJKbpmRcsk9RjjswUiV2u973CeU5GVEV3ImA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-YWWHRDEN.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
700 B
2 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-YWWHRDEN.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8233de7581e6175d6b6860dbaa7c93ea09cf75d8ae42cd39f0175e3d33041306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
etag
"adacf4f58f6808b35da3761df4f16bdc"
x-amz-version-id
RiLIOms4BHZWLnTwzAiD3csBCuktmItA
age
370332
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
UnhHjfrjzsEeMPww_1fbCTRsPMp5_abIKdHMmeqWozUg2kL4RMdiIg==
date
Fri, 25 Oct 2024 02:21:57 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="UnhHjfrjzsEeMPww_1fbCTRsPMp5_abIKdHMmeqWozUg2kL4RMdiIg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
700
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-KLPDVVLN.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
4 KB
3 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-KLPDVVLN.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
7465b8c36361a6bbd3cda8a9719141a484cc4de4922f8b3a301d49f0044920dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"64dd67ed11b03ea0f98b0d68621825a0"
x-amz-version-id
ho7GBI9FMiVHCHGne1iUf_GzDBA2cptD
age
370371
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
yAEFg1XCHTemb5Q1xmwlVIcdiR9aWodffGbelJePE56GC_j_38i42w==
date
Fri, 25 Oct 2024 02:21:18 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="yAEFg1XCHTemb5Q1xmwlVIcdiR9aWodffGbelJePE56GC_j_38i42w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
script_main.U72VEBQA.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
12 KB
7 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3c08171a3e6b17212701ac43c7efa1668fe013940f9425d6684e3bb8ce2345d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"10dd79805ace64921283eae712ea9cba"
x-amz-version-id
keVVi50X4F.RsMEK8CsN383n2FuV.HUw
age
359201
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Dz2-i4abJl4u4kmDp4__GzI0faqq-DdwEK_Cjn2KznxHF_pdHbrPng==
date
Fri, 25 Oct 2024 05:27:28 GMT
content-type
text/javascript
last-modified
Fri, 25 Oct 2024 05:03:42 GMT
vary
Accept-Encoding,Origin
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Dz2-i4abJl4u4kmDp4__GzI0faqq-DdwEK_Cjn2KznxHF_pdHbrPng==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
script
events.framer.com/
18 KB
7 KB
Script
General
Full URL
https://events.framer.com/script
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-20.fra60.r.cloudfront.net
Software
/
Resource Hash
89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-remapped-content-length
18177
timestamp
Tue, 29 Oct 2024 09:12:17 GMT
content-encoding
gzip
x-amz-apigw-id
AZ8XLGEVIAMEr3g=
x-amzn-trace-id
Root=1-6720a760-3bf239857e233e0a0914149b
x-amzn-requestid
110d1409-bce4-4e2b-a88f-8a33df57fad8
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
6204
x-amz-cf-id
fbNba6FI-_B_DpncZtTZAa8XZmYoqX7dAJm7I-S71I7i6SXQmX-8sQ==
date
Tue, 29 Oct 2024 09:14:08 GMT
content-type
text/javascript
x-amz-cf-pop
FRA60-P3
51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/
48 KB
49 KB
Image
General
Full URL
https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
466a4109aad7eac1b54590cea83d046585b5301c11a41ea83849b4068a43346c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"08ac86caa816275882986d454a93c188"
age
668482
x-content-type-options
nosniff
x-amzn-requestid
df36b023-b3a1-4315-8296-29e5d17271f1
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
_J0Gw_yDuv4kHHhfIXNlgKSnDW9rZn8FJFlHxKOdniyglK6bH3unaw==
date
Mon, 21 Oct 2024 15:32:46 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="_J0Gw_yDuv4kHHhfIXNlgKSnDW9rZn8FJFlHxKOdniyglK6bH3unaw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-6716741c-637a655e7a87e2682aeaec7b;Sampled=1;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
a2V1lZc6ASK8uOxU5yj9R4gifc.webp
framerusercontent.com/images/
10 KB
11 KB
Image
General
Full URL
https://framerusercontent.com/images/a2V1lZc6ASK8uOxU5yj9R4gifc.webp?scale-down-to=512
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f2f232a78c891e1da92b565c7e268bece33c8dea013f11aab6ca1b378f900de2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"c0eac56d40c3eb138ea68e1647d1b0e4"
age
1009529
x-content-type-options
nosniff
x-amzn-requestid
e42297d5-e147-4ce4-931a-b0c2e85cd56d
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4emf9Iryy5zuKmEi9DTv8F3AzlqmUwR7y7cLnAHiBtb5csaH-IDaNA==
date
Thu, 17 Oct 2024 16:48:39 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="4emf9Iryy5zuKmEi9DTv8F3AzlqmUwR7y7cLnAHiBtb5csaH-IDaNA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-67113fe5-2d152a5f2e7fbd7a744099a2;Sampled=1;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
MbuqI7u5HCUaLo4OQVdLhiImU.webp
framerusercontent.com/images/
13 KB
14 KB
Image
General
Full URL
https://framerusercontent.com/images/MbuqI7u5HCUaLo4OQVdLhiImU.webp?scale-down-to=512
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
13d30d543967632ad4d7d6446df75f1afa5eec211817db6ff2a6cb4f11dd13ae
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"304dea2721467f782fadf835bde49b0a"
age
1182112
x-content-type-options
nosniff
x-amzn-requestid
cdad97db-2ace-4ee6-89d9-0813c10217d7
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
CEM90Sfqkb7SJwWDHQSHRUDs6Mw8hWWgrbbm50-A170iYxWT_vFiqg==
date
Tue, 15 Oct 2024 16:52:16 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CEM90Sfqkb7SJwWDHQSHRUDs6Mw8hWWgrbbm50-A170iYxWT_vFiqg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-670e9dc0-6d7992066310d16144bf93c6;Parent=6e3a534019427bed;Sampled=0;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
yVA9Oy9wbaBjaChzIOH78YiSFE.webp
framerusercontent.com/images/
8 KB
9 KB
Image
General
Full URL
https://framerusercontent.com/images/yVA9Oy9wbaBjaChzIOH78YiSFE.webp?scale-down-to=512
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"7231b098b0757259dd2bbfd90a7fb0f9"
age
1622929
x-content-type-options
nosniff
x-amzn-requestid
67a2e76f-ba24-4a5a-8dc7-293009c032a6
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
46ruucfzJC4sJAdiPOVKKlkWRCgkMIy5Vlc2rRR5dSdqrngU_Z2Emw==
date
Thu, 10 Oct 2024 14:25:19 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="46ruucfzJC4sJAdiPOVKKlkWRCgkMIy5Vlc2rRR5dSdqrngU_Z2Emw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-6707e3ce-748ffa9202ef743742e9dfe8;Parent=1c8e226227a6a4e9;Sampled=0;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
fOXtYSvzsNlw0tzPVKMsf72n0.png
framerusercontent.com/images/
24 KB
25 KB
Image
General
Full URL
https://framerusercontent.com/images/fOXtYSvzsNlw0tzPVKMsf72n0.png?scale-down-to=2048
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"a5fd6921c78d186fd22e12abbea6a593"
age
12777405
x-content-type-options
nosniff
x-amzn-requestid
9df5ba47-2ec8-4bec-96e9-11a9fef30e48
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
p82lTdB9WlNEAJWMgBDsNrXuiDkgZ8SNPSNBQvcSfSQj25SHHKfUTw==
date
Mon, 03 Jun 2024 11:57:23 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="p82lTdB9WlNEAJWMgBDsNrXuiDkgZ8SNPSNBQvcSfSQj25SHHKfUTw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
root=1-665dafa2-42d508f768a18ae373bdb131;sampled=1;lineage=f456f256:0
content-security-policy-report-only
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
1ZFS7N918ojhhd0nQWdj3jz4w.woff2
framerusercontent.com/assets/
27 KB
28 KB
Font
General
Full URL
https://framerusercontent.com/assets/1ZFS7N918ojhhd0nQWdj3jz4w.woff2
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
3000
etag
"9a2dbfafd3686aa72cb303a41be28527"
x-amz-version-id
FhKj_VGbf4ha4CqtjcCeHMQzi9fH8cVU
age
4153400
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="d0iiTQSJDJXAQJcFwCynKZM1GmRg6M8fl53VAdO4Rp-BPS9mb38Ijg==",cdn-downstream-fbl=3
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 11 Sep 2024 07:30:49 GMT
content-type
font/woff2
last-modified
Mon, 15 Jul 2024 14:12:44 GMT
x-amz-server-side-encryption-aws-kms-key-id
arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-id
d0iiTQSJDJXAQJcFwCynKZM1GmRg6M8fl53VAdO4Rp-BPS9mb38Ijg==
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
28004
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
aws:kms
Inter-Medium.latin-Y3IVPL46.woff2
app.framerstatic.com/
19 KB
20 KB
Font
General
Full URL
https://app.framerstatic.com/Inter-Medium.latin-Y3IVPL46.woff2
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:6c00:d:6b42:4ec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
3600
etag
"f366e7b832c6d0e8a2038665895c0762"
x-amz-version-id
null
age
22598311
access-control-allow-methods
GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
3ilpcWXWkhcstnNZRfcT-sxlUeuiJK5BVPIWm4S2-tWw6IxmClgNTQ==
date
Sat, 10 Feb 2024 19:55:39 GMT
content-type
font/woff2
last-modified
Sat, 10 Feb 2024 12:18:59 GMT
x-frame-options
deny
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, immutable
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
19904
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA56-P4
server
CloudFront
x-amz-server-side-encryption
AES256
vQyevYAyHtARFwPqUzQGpnDs.woff2
framerusercontent.com/assets/
27 KB
28 KB
Font
General
Full URL
https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
3000
etag
"a14a424239fd9cb2e305f2243b1f6177"
x-amz-version-id
SH9la86RvjI0NEj8MqfrPHVtgDnLUhAV
age
7008517
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="O-cjsgtjUB4Yup0RDNhjpMxe7XDCKUl_dxPDkC1wI217jjuMTSLo8g==",cdn-downstream-fbl=2
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 09 Aug 2024 06:25:32 GMT
content-type
font/woff2
last-modified
Mon, 15 Jul 2024 14:12:38 GMT
x-amz-server-side-encryption-aws-kms-key-id
arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-id
O-cjsgtjUB4Yup0RDNhjpMxe7XDCKUl_dxPDkC1wI217jjuMTSLo8g==
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
27404
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
aws:kms
DXD0Q7LSl7HEvDzucnyLnGBHM.woff2
framerusercontent.com/assets/
27 KB
28 KB
Font
General
Full URL
https://framerusercontent.com/assets/DXD0Q7LSl7HEvDzucnyLnGBHM.woff2
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://hunt.io/

Response headers

access-control-max-age
3000
etag
"757ca4a792b8c7bbe09f6e6cee76e727"
x-amz-version-id
bCCG3uSnAgT3MLzz1ZSQU2cVkYB4Lve.
age
7835240
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="_St7NdtYacjj5aiQF4dXG7n8ec6ZL2wZk-00OMCcOzTQy-0AUTy8NQ==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Tue, 30 Jul 2024 16:46:48 GMT
content-type
font/woff2
last-modified
Mon, 15 Jul 2024 14:11:33 GMT
x-amz-server-side-encryption-aws-kms-key-id
arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-id
_St7NdtYacjj5aiQF4dXG7n8ec6ZL2wZk-00OMCcOzTQy-0AUTy8NQ==
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
27992
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
aws:kms
figure_1_open_directory_page_for_27_124_45_146.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
69 KB
70 KB
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c92ec757b24b1b04f4d36a27caabb4c2be8cc32e78c74cb46be7ce9b8ae2364
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-115a6"
age
6
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vMf6N4DioyhHgtMs6pOGGm6yXqtl%2B%2BE98G%2FBNKXuNdACz0HYcsamXwxkFtOoS060cDdOuXNijyfxWYT4A4NrQtbxDgqb6h2HfZv5LNSe%2FqQpDrGnAC2ezNcbd9nDuQbzK0uGFZ%2BzlbZ"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
strict-transport-security
max-age=31536000; includeSubdomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b8edbab-FRA
accept-ranges
bytes
content-length
71078
x-xss-protection
1; mode=block
server
cloudflare
figure_2_triage_analysis_of_na_elf_processes.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
89 KB
89 KB
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dde3c2ae1dfa4d4e9dadce839a9b2a0d3a91e240f3e7fe83d0bfa2f940b7b0a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-16272"
age
5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zr81Zjf6NLBlARKpojSbYifi44kZo7zcD5NkvOpZ8VBeT1dHcpuAkJv3RSe13cEHEAurVD7tpyL4MTDqV0PauM1rLtn9PiXoUIlqAwLPuUcq1OAfeXUSAD77SajXgw2ZSWfsn8RtiF5i"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
strict-transport-security
max-age=31536000; includeSubdomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b93dbab-FRA
accept-ranges
bytes
content-length
90738
x-xss-protection
1; mode=block
server
cloudflare
figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
185 KB
185 KB
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ee7cc956b330baaba5854c0ca727ced3b7e1006ac959eff06529b414dda33df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-2e3d0"
age
5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Coi0uAwpwe5CcFWtk822z%2FJzHGznbdF3SNho56ZxnETTifw56hADZguGAqaEJeRx24DyK9IOBLKQvu8lk8wEO9c4we9yByfuiUOGnTf1mYs4NHDoG7F4VR60gD4c7uATpzvdpXXBEV%2Fc"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
strict-transport-security
max-age=31536000; includeSubdomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b92dbab-FRA
accept-ranges
bytes
content-length
189392
x-xss-protection
1; mode=block
server
cloudflare
anonymous
events.framer.com/
0
380 B
Ping
General
Full URL
https://events.framer.com/anonymous
Requested by
Host: events.framer.com
URL: https://events.framer.com/script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-20.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://hunt.io/

Response headers

x-amz-apigw-id
AZ8XNHLwIAMEEwA=
x-amzn-trace-id
Root=1-6720a760-33065bfa253f061d3cf88a2c;Parent=2ca6fc4a434113c1;Sampled=0;Lineage=1:c457ad49:0
x-amzn-requestid
05b50457-714a-4fa8-a2d0-c9f2dce8113d
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
X0oHGm3_gypsw7kQZZlog2qE5Xx3eKFlczpwT_vdsiH3hW39uNvYnw==
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
application/json
x-amz-cf-pop
FRA60-P3
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-CKJY21YJ7N&gtm=45je4ao0v9166211784za200&_p=1730193248287&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533422~101823848~101925629&cid=56232718.1730193249&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730193248&sct=1&seg=0&dl=https%3A%2F%2Fhunt.io%2Fblog%2Frekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users&dt=Rekoobe%20Backdoor%20Discovered%20in%20Open%20Directory%2C%20Possibly%20Targeting%20TradingView%20Users&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1335
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://hunt.io
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
text/plain
server
Golfe2
fOXtYSvzsNlw0tzPVKMsf72n0.png
framerusercontent.com/images/
24 KB
0
Image
General
Full URL
https://framerusercontent.com/images/fOXtYSvzsNlw0tzPVKMsf72n0.png?scale-down-to=2048
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"a5fd6921c78d186fd22e12abbea6a593"
age
12777405
x-content-type-options
nosniff
x-amzn-requestid
9df5ba47-2ec8-4bec-96e9-11a9fef30e48
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
p82lTdB9WlNEAJWMgBDsNrXuiDkgZ8SNPSNBQvcSfSQj25SHHKfUTw==
date
Mon, 03 Jun 2024 11:57:23 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="p82lTdB9WlNEAJWMgBDsNrXuiDkgZ8SNPSNBQvcSfSQj25SHHKfUTw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
root=1-665dafa2-42d508f768a18ae373bdb131;sampled=1;lineage=f456f256:0
content-security-policy-report-only
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
wvsIsx8BB-indexes-default.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/
3 KB
3 KB
Fetch
General
Full URL
https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/wvsIsx8BB-indexes-default.framercms
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
8171a3be53afe0f6851c08b9bc1a881ce231a76d9e3c9bd9ff9ff785ed4f9597
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=5918-8628
Referer
https://hunt.io/

Response headers

access-control-expose-headers
Content-Range
age
401927
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="-N43rr1bFL-VOwml11tGpqAqUrYGq8IT3I4sx_951OseO8m8YLR3SQ==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:23 GMT
content-type
application/octet-stream
x-amz-cf-id
-N43rr1bFL-VOwml11tGpqAqUrYGq8IT3I4sx_951OseO8m8YLR3SQ==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
Content-Range
bytes 5918-8628/220277
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
Content-Length
2711
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
psEar9BZHC3V1ST6mGHxVJQfBxc.png
framerusercontent.com/images/
391 B
1 KB
Other
General
Full URL
https://framerusercontent.com/images/psEar9BZHC3V1ST6mGHxVJQfBxc.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"939ec6fdc5062f6529950c37ab817812"
age
13199864
x-content-type-options
nosniff
x-amzn-requestid
b0ac55ce-81d8-4ec5-a63d-b4e0230c1b65
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="nV2ZHnxa7dZJTfKjoeMK34OvIKfBBzwi-YLhFRub4F0E27LD1ovLvw==",cdn-downstream-fbl=2
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 29 May 2024 14:36:26 GMT
content-type
image/png
vary
Accept
x-amz-cf-id
nV2ZHnxa7dZJTfKjoeMK34OvIKfBBzwi-YLhFRub4F0E27LD1ovLvw==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
root=1-66573d6a-4e285cd21e7c73b36b481c52;sampled=1;lineage=f456f256:0
content-security-policy-report-only
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy
strict-origin-when-cross-origin
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
wvsIsx8BB-chunk-default-0.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/
115 B
646 B
Fetch
General
Full URL
https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/wvsIsx8BB-chunk-default-0.framercms
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
5ec38eed1b928d0f44c4a512816281b6cff3953153430fe5d531c2b1a9abe169
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=4-118
Referer
https://hunt.io/

Response headers

access-control-expose-headers
Content-Range
age
401927
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="1NQ3o8MI4WLmA2C_mNYCFw7_N8O4f5lDIQC9s2hsKhfN3npddmuK7g==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:23 GMT
content-type
application/octet-stream
x-amz-cf-id
1NQ3o8MI4WLmA2C_mNYCFw7_N8O4f5lDIQC9s2hsKhfN3npddmuK7g==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
Content-Range
bytes 4-118/195821
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
Content-Length
115
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
wvsIsx8BB-chunk-default-dict.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/
31 KB
32 KB
Fetch
General
Full URL
https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/wvsIsx8BB-chunk-default-dict.framercms
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
4dbf67e6aefbd0922fd238eeb55bbb39fb69a12ba44cf58eec4d17a1774382e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

access-control-expose-headers
Content-Range
age
370371
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Fm85FynYFzQK1DJYHVFU-JmMyHq7DXp1EeELgTRfWRwnI1bq5TCh_g==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 25 Oct 2024 02:21:19 GMT
content-type
application/octet-stream
x-amz-cf-id
Fm85FynYFzQK1DJYHVFU-JmMyHq7DXp1EeELgTRfWRwnI1bq5TCh_g==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
32000
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
Sun.js
framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/
Redirect Chain
  • https://framer.com/m/phosphor-icons/Sun.js@0.0.53
  • https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js
5 KB
2 KB
Script
General
Full URL
https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js
Protocol
H3
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
e77e2400288b5496592bb75f3d2c61871d947b1705f8a2d98c4bdea3a8ebbadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://framerusercontent.com/

Response headers

access-control-expose-headers
Content-Range
content-encoding
br
age
468358
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="L-djm9mly5X6JR7Ynv5FOxT32tzZWpZTS3qkxrS6wbgAElXJZyBfxg==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 23 Oct 2024 23:08:13 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-id
L-djm9mly5X6JR7Ynv5FOxT32tzZWpZTS3qkxrS6wbgAElXJZyBfxg==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6

Redirect headers

access-control-expose-headers
Content-Range
age
586
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
8e6jGfo-4TWrFn8YUjzaCx47IipYoHWS6KFPdGhS8pKEop5iieH0dw==
date
Tue, 29 Oct 2024 09:04:25 GMT
content-type
text/html; charset=utf-8
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=3600
location
https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js
referrer-policy
strict-origin-when-cross-origin
via
1.1 5045d3a1f76416b3ecc1cca4c66b0ef4.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
109
x-xss-protection
0
x-amz-cf-pop
FRA60-P8
Moon.js
framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/
Redirect Chain
  • https://framer.com/m/phosphor-icons/Moon.js@0.0.53
  • https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js
4 KB
2 KB
Script
General
Full URL
https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js
Protocol
H3
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
cf51594b76c66c43206e9aa471baec6a92594ea6b8cbead1b40f445468de76e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://framerusercontent.com/

Response headers

access-control-expose-headers
Content-Range
content-encoding
br
age
435651
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="v321x7KBI-iThzVq5b_m5uwVVbeeTO26tg5evGtCOotrKLIv0U9XYg==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 08:13:20 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-id
v321x7KBI-iThzVq5b_m5uwVVbeeTO26tg5evGtCOotrKLIv0U9XYg==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6

Redirect headers

access-control-expose-headers
Content-Range
age
1848
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
GMWS2Ri_w32bEHdzl995uYUyM1lxgeLfaUgw4aGfNWPBMNu7MRKiaw==
date
Tue, 29 Oct 2024 08:43:23 GMT
content-type
text/html; charset=utf-8
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=3600
location
https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js
referrer-policy
strict-origin-when-cross-origin
via
1.1 5045d3a1f76416b3ecc1cca4c66b0ef4.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
110
x-xss-protection
0
x-amz-cf-pop
FRA60-P8
figure_1_open_directory_page_for_27_124_45_146.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
69 KB
0
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_1_open_directory_page_for_27_124_45_146.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c92ec757b24b1b04f4d36a27caabb4c2be8cc32e78c74cb46be7ce9b8ae2364
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-115a6"
age
6
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vMf6N4DioyhHgtMs6pOGGm6yXqtl%2B%2BE98G%2FBNKXuNdACz0HYcsamXwxkFtOoS060cDdOuXNijyfxWYT4A4NrQtbxDgqb6h2HfZv5LNSe%2FqQpDrGnAC2ezNcbd9nDuQbzK0uGFZ%2BzlbZ"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
x-frame-options
SAMEORIGIN
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b8edbab-FRA
accept-ranges
bytes
content-length
71078
x-xss-protection
1; mode=block
server
cloudflare
figure_2_triage_analysis_of_na_elf_processes.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
89 KB
0
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_2_triage_analysis_of_na_elf_processes.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dde3c2ae1dfa4d4e9dadce839a9b2a0d3a91e240f3e7fe83d0bfa2f940b7b0a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-16272"
age
5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zr81Zjf6NLBlARKpojSbYifi44kZo7zcD5NkvOpZ8VBeT1dHcpuAkJv3RSe13cEHEAurVD7tpyL4MTDqV0PauM1rLtn9PiXoUIlqAwLPuUcq1OAfeXUSAD77SajXgw2ZSWfsn8RtiF5i"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
x-frame-options
SAMEORIGIN
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b93dbab-FRA
accept-ranges
bytes
content-length
90738
x-xss-protection
1; mode=block
server
cloudflare
figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
app.hunt.io/images/blogs/rekoobe-backdoor/
185 KB
0
Image
General
Full URL
https://app.hunt.io/images/blogs/rekoobe-backdoor/figure_3_results_of_clicking_the_rekoobe_tag_to_find_additional_open_directories_hosting_the_malware.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ee7cc956b330baaba5854c0ca727ced3b7e1006ac959eff06529b414dda33df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

cf-cache-status
HIT
etag
"671760f9-2e3d0"
age
5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Coi0uAwpwe5CcFWtk822z%2FJzHGznbdF3SNho56ZxnETTifw56hADZguGAqaEJeRx24DyK9IOBLKQvu8lk8wEO9c4we9yByfuiUOGnTf1mYs4NHDoG7F4VR60gD4c7uATpzvdpXXBEV%2Fc"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Tue, 29 Oct 2024 09:14:09 GMT
content-type
image/webp
last-modified
Tue, 22 Oct 2024 08:23:21 GMT
vary
Accept-Encoding
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
x-frame-options
SAMEORIGIN
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8da20dbe7b92dbab-FRA
accept-ranges
bytes
content-length
189392
x-xss-protection
1; mode=block
server
cloudflare
wvsIsx8BB-indexes-default.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/
523 B
1 KB
Fetch
General
Full URL
https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/wvsIsx8BB-indexes-default.framercms
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
869873630e6f40810bdfe728e711daf0602892ddfa621debbf374102c6129dc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=11706-12228
Referer
https://hunt.io/

Response headers

access-control-expose-headers
Content-Range
age
401928
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="pNlWuEeosWPaW0xq7JJedNkbYYEgSB8HWxcmCTjfHjm8FIsUarD4Eg==",cdn-downstream-fbl=2
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:23 GMT
content-type
application/octet-stream
x-amz-cf-id
pNlWuEeosWPaW0xq7JJedNkbYYEgSB8HWxcmCTjfHjm8FIsUarD4Eg==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
Content-Range
bytes 11706-12228/220277
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
Content-Length
523
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
wvsIsx8BB-chunk-default-0.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/
6 KB
7 KB
Fetch
General
Full URL
https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/DngUWb93Zy8a5heCgw8G/wvsIsx8BB-chunk-default-0.framercms
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MTEMCWZP.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
f5184e47bd2e01f906148938bfb850bd6cd85fd358b1be0f22f339beddcb13e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=119-6614
Referer
https://hunt.io/

Response headers

access-control-expose-headers
Content-Range
age
401928
access-control-allow-methods
GET, HEAD, OPTIONS
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="UwFScCKFZancBV2gOZsMvOI_ajGG6tM4jjBvyQzR3512FlfarWf97g==",cdn-downstream-fbl=4
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:23 GMT
content-type
application/octet-stream
x-amz-cf-id
UwFScCKFZancBV2gOZsMvOI_ajGG6tM4jjBvyQzR3512FlfarWf97g==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, immutable
timing-allow-origin
*
Content-Range
bytes 119-6614/195821
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
Content-Length
6496
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
51efjmRovFsjZMClijKip8G0tqA.webp
framerusercontent.com/images/
12 KB
13 KB
Image
General
Full URL
https://framerusercontent.com/images/51efjmRovFsjZMClijKip8G0tqA.webp?scale-down-to=512
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
52d3d229833e7e09e5c6fdb3aaf2567bf1c4f3d392516321d82d3044ef5e18fc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"7c16933b0adf74db37d6f053cd283bd6"
age
668906
x-content-type-options
nosniff
x-amzn-requestid
f10ded2c-7b03-44da-aab2-631e6d5edaa0
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="I9vTgUjJxbdTfUuJXaltU1nLUT0KGQQjCaVA2MT_AX38FDNX3w3SxA==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Mon, 21 Oct 2024 15:25:45 GMT
content-type
image/avif
vary
Accept
x-amz-cf-id
I9vTgUjJxbdTfUuJXaltU1nLUT0KGQQjCaVA2MT_AX38FDNX3w3SxA==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-67167278-578ad50866bbd1ed0659d3d0;Parent=67a2e11af2b96694;Sampled=0;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
a2V1lZc6ASK8uOxU5yj9R4gifc.webp
framerusercontent.com/images/
10 KB
0
Image
General
Full URL
https://framerusercontent.com/images/a2V1lZc6ASK8uOxU5yj9R4gifc.webp?scale-down-to=512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f2f232a78c891e1da92b565c7e268bece33c8dea013f11aab6ca1b378f900de2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"c0eac56d40c3eb138ea68e1647d1b0e4"
age
1009529
x-content-type-options
nosniff
x-amzn-requestid
e42297d5-e147-4ce4-931a-b0c2e85cd56d
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4emf9Iryy5zuKmEi9DTv8F3AzlqmUwR7y7cLnAHiBtb5csaH-IDaNA==
date
Thu, 17 Oct 2024 16:48:39 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="4emf9Iryy5zuKmEi9DTv8F3AzlqmUwR7y7cLnAHiBtb5csaH-IDaNA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-67113fe5-2d152a5f2e7fbd7a744099a2;Sampled=1;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
MbuqI7u5HCUaLo4OQVdLhiImU.webp
framerusercontent.com/images/
13 KB
0
Image
General
Full URL
https://framerusercontent.com/images/MbuqI7u5HCUaLo4OQVdLhiImU.webp?scale-down-to=512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
13d30d543967632ad4d7d6446df75f1afa5eec211817db6ff2a6cb4f11dd13ae
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"304dea2721467f782fadf835bde49b0a"
age
1182112
x-content-type-options
nosniff
x-amzn-requestid
cdad97db-2ace-4ee6-89d9-0813c10217d7
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
CEM90Sfqkb7SJwWDHQSHRUDs6Mw8hWWgrbbm50-A170iYxWT_vFiqg==
date
Tue, 15 Oct 2024 16:52:16 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CEM90Sfqkb7SJwWDHQSHRUDs6Mw8hWWgrbbm50-A170iYxWT_vFiqg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-670e9dc0-6d7992066310d16144bf93c6;Parent=6e3a534019427bed;Sampled=0;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
yVA9Oy9wbaBjaChzIOH78YiSFE.webp
framerusercontent.com/images/
8 KB
0
Image
General
Full URL
https://framerusercontent.com/images/yVA9Oy9wbaBjaChzIOH78YiSFE.webp?scale-down-to=512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ee00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"7231b098b0757259dd2bbfd90a7fb0f9"
age
1622929
x-content-type-options
nosniff
x-amzn-requestid
67a2e76f-ba24-4a5a-8dc7-293009c032a6
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
46ruucfzJC4sJAdiPOVKKlkWRCgkMIy5Vlc2rRR5dSdqrngU_Z2Emw==
date
Thu, 10 Oct 2024 14:25:19 GMT
content-type
image/avif
vary
Accept
x-frame-options
deny
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="46ruucfzJC4sJAdiPOVKKlkWRCgkMIy5Vlc2rRR5dSdqrngU_Z2Emw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-6707e3ce-748ffa9202ef743742e9dfe8;Parent=1c8e226227a6a4e9;Sampled=0;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
a2V1lZc6ASK8uOxU5yj9R4gifc.webp
framerusercontent.com/images/
232 KB
232 KB
Image
General
Full URL
https://framerusercontent.com/images/a2V1lZc6ASK8uOxU5yj9R4gifc.webp
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-VI3F2EC2.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
b9a0c5d06e3359615f6eb3fc817f5ba34e8e26941abbe1f1b96ee89765ec216d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"c72ef7ba2c47622b877561d00dde2fe6"
age
1009495
x-content-type-options
nosniff
x-amzn-requestid
d54a4a1e-bab3-4f44-a9d6-0818b9d511ed
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="iaHPHbLd5qZUAwNkVPqBUUp51_-LZhbWMkpb7AYeGELfXkUInz0E3w==",cdn-downstream-fbl=2
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 17 Oct 2024 16:49:17 GMT
content-type
image/avif
vary
Accept
x-amz-cf-id
iaHPHbLd5qZUAwNkVPqBUUp51_-LZhbWMkpb7AYeGELfXkUInz0E3w==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-67114000-42013c7e106f5e5601f81879;Sampled=1;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
MbuqI7u5HCUaLo4OQVdLhiImU.webp
framerusercontent.com/images/
190 KB
191 KB
Image
General
Full URL
https://framerusercontent.com/images/MbuqI7u5HCUaLo4OQVdLhiImU.webp
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-VI3F2EC2.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
/
Resource Hash
7dab04ea6599bfb6f68dc3c8bf4718f50e16ccf9adfc3154492882c3c6ba7ac7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hunt.io/

Response headers

etag
"a63a17a25fd59e3b2820f16c3d7aa11f"
age
1177750
x-content-type-options
nosniff
x-amzn-requestid
7f96c3db-ce4c-4d4e-885d-8582fcc4c135
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="IFVpB4zqFQHK6jNPRii5eRNxCAWz6ssE4WjJMCyK9b0kCzTZ2JGanw==",cdn-downstream-fbl=2
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Tue, 15 Oct 2024 18:05:02 GMT
content-type
image/avif
vary
Accept
x-amz-cf-id
IFVpB4zqFQHK6jNPRii5eRNxCAWz6ssE4WjJMCyK9b0kCzTZ2JGanw==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control
public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-amzn-trace-id
Root=1-670eaec6-1530af1a2ebf6a4a0d87deea;Sampled=1;Lineage=1:f456f256:0
referrer-policy
strict-origin-when-cross-origin
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
cQXEnZH8Ptw0zIJhHGTmk_eRGl1uBJF_AHhUUAlNKHk.GRVSRS7O.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
96 KB
13 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/cQXEnZH8Ptw0zIJhHGTmk_eRGl1uBJF_AHhUUAlNKHk.GRVSRS7O.mjs
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
55f9fcf8469e4d003316839815ee20869e6257340ce1ac8c057cfda22c857afb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"9aa1cc552b30f0eb98a59639a33717f1"
x-amz-version-id
LztMLRqgXWaDohHGm9nKes4D3WihvJdJ
age
401930
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="I700BdObxc7DfVcKV2R-wGv9hmpV1BE2HfeUGcBoxOwsK1MqZmU2_Q==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:23 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
I700BdObxc7DfVcKV2R-wGv9hmpV1BE2HfeUGcBoxOwsK1MqZmU2_Q==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.DX7HI76U.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
40 KB
7 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.DX7HI76U.mjs
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
d93e25e3ac5a1fb6ced68c2a94669e2c6be05afc18962a09b9b47d8766031e09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"c8876de6208c31490b2bf44caf60ad4f"
x-amz-version-id
09grMScj9QVMyieEt750.To2UhtQ0v4W
age
401928
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="mdpBVF21-YZxETh6ZnP50e-1Vkfy00BH55KNOM_-MwvCXSuP7fqLAQ==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:25 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
mdpBVF21-YZxETh6ZnP50e-1Vkfy00BH55KNOM_-MwvCXSuP7fqLAQ==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.NHHAQ5V6.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
45 KB
8 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.NHHAQ5V6.mjs
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
21b8eecfc1d1940f5e21a18a1892b5a69243bcc8f89506db59675f7a5e085a9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"53f27efb46cce732e7d09c63ad15011a"
x-amz-version-id
.UNGLZBEhCVp2uV_xbc1oS42y6RDloLP
age
401928
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Tcw4JCGsux9ZgQxjGGfQQSpVPji0pbnR5SgSd39D8dsR7Ayxl9y9QA==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:25 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
Tcw4JCGsux9ZgQxjGGfQQSpVPji0pbnR5SgSd39D8dsR7Ayxl9y9QA==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-6UFG4TWW.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
1000 B
1 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-6UFG4TWW.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
219b4e34e707365a8236438d5af4504120f284b523d95eb63c05bba3f0aa4b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/7nvGry3j3Lagr-bg62UjsuCR3FSPZpCnVv74AGlBIsA.DX7HI76U.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"0396206f2839e31813dd35bf14a510a4"
x-amz-version-id
PYPOo3WII3JWmEx6N7bWyIeLCfRCS5C6
age
9395595
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="V7dJyawdd_lZRIf9hySD4UuPwG6RMwLXP6758dVHT9vSVgSgI_k40Q==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 12 Jul 2024 15:20:58 GMT
content-type
text/javascript
last-modified
Fri, 12 Jul 2024 15:08:08 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
V7dJyawdd_lZRIf9hySD4UuPwG6RMwLXP6758dVHT9vSVgSgI_k40Q==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-QVWF5RLE.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
1 KB
1 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-QVWF5RLE.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
4f9aac5a767e402eddb193e858d136c1d73fe4340a2065899a0246322e80715d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/cQXEnZH8Ptw0zIJhHGTmk_eRGl1uBJF_AHhUUAlNKHk.GRVSRS7O.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"189f8486091dcd97cb7939ec6c3c47b0"
x-amz-version-id
wf9kYCdGiMMY3571kBBPk_TMQZ1Tg8lq
age
5501536
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="AS9KwjzVlpTA-JupeXATAjRk_4YSMnP-Yj9fq2BenICPsTOLIKCyEg==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Mon, 26 Aug 2024 17:01:57 GMT
content-type
text/javascript
last-modified
Mon, 26 Aug 2024 16:08:22 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
AS9KwjzVlpTA-JupeXATAjRk_4YSMnP-Yj9fq2BenICPsTOLIKCyEg==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-T5EFLHWR.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
996 B
2 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-T5EFLHWR.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
b8d271456844cdc4afcb7f243e38180242a9c4f66aadc2b09cafc0fa008f9e5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/IRjHrVtXgP8DqdxJJgDLnPoSfU8pf44r2kULtOIir38.NHHAQ5V6.mjs

Response headers

access-control-max-age
0
etag
"3a1dc2e88c88fcf981796246d967d8a5"
x-amz-version-id
skofvOB70qZckvNcGdtnUskVpE8LUU_a
age
4151204
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="K9OemksXLAtEYDmTK1zzTSoP441iB18UIMwhO54rF6mtutseDi8BLw==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 11 Sep 2024 08:07:29 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 13:03:11 GMT
vary
Origin
x-amz-cf-id
K9OemksXLAtEYDmTK1zzTSoP441iB18UIMwhO54rF6mtutseDi8BLw==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
996
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.GAGDQGTN.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
74 KB
11 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.GAGDQGTN.mjs
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
f99a07d9ede056f73cc7293ce1a39eca135dd059eb1fef8662070bf38ade9160
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs

Response headers

access-control-max-age
0
content-encoding
br
etag
W/"f9422b6699742766e16578b775ca1e2f"
x-amz-version-id
TJx0A6l6oZZtY1mZYRisFqVKsodIeuOQ
age
401928
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="zR9EAL2TtmAsR3_pO05jV56a5saionzozYk5CgeLNwsczkl_0mrq_A==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Thu, 24 Oct 2024 17:35:25 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:28 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
zR9EAL2TtmAsR3_pO05jV56a5saionzozYk5CgeLNwsczkl_0mrq_A==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.TODKUK6X.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
87 KB
14 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.TODKUK6X.mjs
Requested by
Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
236c7871646d67afe9fb989900b15111759e732f629120f57d1b0ed2f9b9c79c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.U72VEBQA.mjs

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"91f88866813924fe203b75ffdee8c6f1"
x-amz-version-id
gf2hgY5CXpjwVbF6gh1xYkOOleeGO9vR
age
370376
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="gkMJAbk99svuD_ycI5ei8fHN4AImpxp-W94qUoUJOA8FfxXx7Fedxw==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 25 Oct 2024 02:21:17 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:26 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
gkMJAbk99svuD_ycI5ei8fHN4AImpxp-W94qUoUJOA8FfxXx7Fedxw==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-2GYV7IVM.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
933 B
2 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2GYV7IVM.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.GAGDQGTN.mjs

Response headers

access-control-max-age
0
etag
"24298ba8391c7d23a5170e0e38318a28"
x-amz-version-id
4vGIXYTq8ueJqN572Ig7jiu.3n5EU9ic
age
4151204
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="QXkUx3D2fpzTSjRpwrb2BYboQMnUZBEVFsMHozwwZng3jekj2FrXQA==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 11 Sep 2024 08:07:29 GMT
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 13:03:14 GMT
vary
Origin
x-amz-cf-id
QXkUx3D2fpzTSjRpwrb2BYboQMnUZBEVFsMHozwwZng3jekj2FrXQA==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
933
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-2MP2Z6KV.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
993 B
2 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2MP2Z6KV.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.TODKUK6X.mjs

Response headers

access-control-max-age
0
etag
"a0270dad90dd051af03ad27f756ce88b"
x-amz-version-id
Xa6i0f68HFqGuYAYsjcBEL8VNbvS_6X7
age
370376
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="ov6rvQLIN63lucWSIwc3_MENxZS44aEsqwuWDIiR8sMozKH-Kw0V4w==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 25 Oct 2024 02:21:17 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:26 GMT
vary
Origin
x-amz-cf-id
ov6rvQLIN63lucWSIwc3_MENxZS44aEsqwuWDIiR8sMozKH-Kw0V4w==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
993
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256
chunk-66POYJON.mjs
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/
16 KB
4 KB
Script
General
Full URL
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-66POYJON.mjs
Requested by
Host: hunt.io
URL: https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.7.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-11.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
9aaaf2a26c2b70553a5de2837897e6d38cc8ffa7dbab8288f6a93234e46b2441
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://hunt.io
Referer
https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.TODKUK6X.mjs

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"7adc7fdbbe424b74be411bd7fe0776f7"
x-amz-version-id
JoFJ0EFOwCnrjo6fjsqh.uYKs_8stJAy
age
370376
access-control-allow-methods
GET
x-content-type-options
nosniff
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="RofbvOtaovSMoEusMJ3Whu0ptg0bC-fsHTL1FpUh8ljoASMmkxY4OQ==",cdn-downstream-fbl=1
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Fri, 25 Oct 2024 02:21:17 GMT
content-type
text/javascript
last-modified
Thu, 24 Oct 2024 17:21:27 GMT
vary
Accept-Encoding,Origin
x-amz-cf-id
RofbvOtaovSMoEusMJ3Whu0ptg0bC-fsHTL1FpUh8ljoASMmkxY4OQ==
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
via
1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
0
x-amz-cf-pop
FRA56-P6
server
CloudFront
x-amz-server-side-encryption
AES256

Verdicts & Comments

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
function gtag
object dataLayer
function __framer_onRewriteBreakpoints
function c
object google_tag_manager
object google_tag_data
function __send_framer_event
object __framer_events
function onYouTubeIframeAPIReady
object gaGlobal
function __framer_importFromPackage
object process
boolean MotionIsMounted

2 Cookies

Domain/Path Name / Value
.hunt.io/ Name: _ga_CKJY21YJ7N
Value: GS1.1.1730193248.1.0.1730193248.0.0.0
.hunt.io/ Name: _ga
Value: GA1.1.56232718.1730193249

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.framerstatic.com
app.hunt.io
events.framer.com
framer.com
framerusercontent.com
hunt.io
region1.google-analytics.com
www.googletagmanager.com
108.138.7.11
13.32.99.20
2001:4860:4802:34::36
2600:9000:223e:6c00:d:6b42:4ec0:93a1
2600:9000:2490:ee00:d:ada1:a280:93a1
2600:9000:2761:7c00:10:9b9d:b9c0:93a1
2606:4700:3108::ac42:2b78
2a00:1450:4001:82a::2008
52.223.52.2