domain-admin@1.6.78
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
// Data staging
패턴: dest-via-hostname-var
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
25개 패키지에 이 패턴이 매칭됨 (총 publish 이벤트 74건을 publisher+name 기준으로 묶음). 최신순.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Security helper for Zudoku
→ 크리덴셜 읽기 (reads-aws-creds, reads-npmrc, reads-github-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-gitlab-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
F5 Distributed Cloud branded Starlight documentation theme
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Local-first, BYOK multi-host ops + SEO control plane — scan, diagnose and fix across 12 hosts from your own machine.
→ 크리덴셜 읽기 (reads-github-tokens, reads-gitlab-tokens, reads-gcp-creds, reads-aws-creds, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ 크리덴셜 읽기 (reads-npmrc, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
CLI и AI-агент городского округа Йошкар-Ола.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
The `@trackunit/iris-app` package is a plugin for [NX by @nrwl](https://nx.dev/). This plugin adds some helpful generators used to set up a Trackunit Iris App project.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
QAECY UI Web Components
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Multi-provider LLM client with rate limiting, token tracking, structured outputs, and continuation handling
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
VulnSweep CLI - npm vulnerability scanner
→ 크리덴셜 읽기 (reads-github-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Hijack by Yusif Kerimov
→ 의심 전송지로 발송: ulehcosybxwttseibbych07wphlyoxhfr.oast.fun.
Unofficial Facebook Chat API for Node.js - by N1SA9
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Facebook Chat API - Modified by EryXenX | Stable, Auto Re-login, Fixed setMessageReaction
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 other host(s).
audit-logs
→ 의심 전송지로 발송: yihpvsviuggxabauqtuedjfyzjlrtkpzx.oast.fun.
→ 의심 전송지로 발송: webhook.site.
Alex Birsan Style
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
Full RCE PoC - Alex Birsan Style
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
Style
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
Full RCE PoC - Alex Birsan Style
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
xxx
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.
Full RCE PoC -osama
→ 의심 전송지로 발송: lszakfghwnvxspyfcmaabd1css99rnq3w.oast.fun.