Hm, the url returns a png. Did he obscure the actual url? Couldn't get it to send me json or js...
Update: found a clone of the repo on GitHub and got the payload. All you have to do is add a header `bearrtoken: logo`
It's obfuscated, I will feed it to qwen to see what can be gleaned.
So I fed it to qwen. It seems to think it's just a downloader and persistence mechanism for another payload. I will try to download it too and see what qwen thinks of that.
Same here.
I tried content-types, user-agent, but no luck. I'm not sure what the user-agent of `req` is, but the default `node-fetch/1.0` does make the response json. They are a 307, but the result is a png.
I presume the original payload may have contained information that the hackers want to keep from prying eyes. Especially now that it has landed on HN, it makes sense to take it offline and replace it with an actual png to avoid people finding information in it that may harm their future hacks or so?