@bolloon/bolloon-agent8 versions·0.1.16→0.1.28
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
// Suspicious network destinations
패턴: http-to-public-ip
Packages that POST or GET to a hardcoded public IPv4 literal — not a hostname, not RFC1918 / loopback. Strong indicator of attacker-controlled command-and-control infrastructure.
15개 패키지에 이 패턴이 매칭됨 (총 publish 이벤트 26건을 publisher+name 기준으로 묶음). 최신순.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
EPyT: An EPANET-Python Toolkit for Smart Water Network Simulations. The EPyT is inspired by the EPANET-Matlab Toolkit.
→ 크리덴셜 읽기 (reads-pypirc) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
This template should help get you started developing with Vue 3 in Vite.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ 크리덴셜 읽기 (reads-apple-cloudkit) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
The Bold Reports by Syncfusion controls for JavaScript contains ReportViewer and ReportDesigner HTML5 and JavaScript reporting controls for enterprise web development
→ 크리덴셜 읽기 (reads-azure-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Static COBOL analyzer: syntax check, dead code detection, feature extraction, SLA performance prediction, and Validate & Push gate.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
UI component catalog for serve.zone
→ 하드코딩된 public IP 전송지: 203.0.113.50, 203.0.113.10, 203.0.113.11 (RFC1918·loopback 아님).
通达信 TCP 协议行情数据客户端,支持在线行情与离线本地数据读取
→ 하드코딩된 public IP 전송지: 180.153.18.170, 124.71.187.122, 180.153.18.171, 180.153.18.172, 119.147.212.81, 115.238.56.198, 115.238.90.165, 218.75.126.9, 47.107.75.159, 59.175.238.38, 110.41.147.114, 110.41.2.72, 101.33.225.16, 175.178.112.197, 175.178.128.227, 43.139.95.83, 124.223.163.242, 122.51.120.217, 150.158.160.2, 123.60.164.122, 111.229.247.189, 124.70.199.56, 62.234.50.143, 81.70.151.186, 82.156.214.79, 159.75.29.111, 43.139.18.171, 81.71.32.47, 122.51.232.182, 118.25.98.114, 121.36.225.169, 123.60.70.228, 123.60.73.44, 124.70.133.119, 124.71.187.72, 119.97.185.59, 129.204.230.128, 101.42.240.54, 124.71.9.153, 123.60.84.66, 111.230.186.52, 101.0.0.43 (RFC1918·loopback 아님).
MEV protection layer for Ethereum trading bots. Benchmarks 12+ RPC providers and auto-configures the fastest.
→ 하드코딩된 public IP 전송지: 165.22.200.211 (RFC1918·loopback 아님).
A Directus extension bundle that adds a form submission endpoint, collection, and dashboard to form submissions of a website.
→ 하드코딩된 public IP 전송지: 74.125.224.72, 45.33.32.156 (RFC1918·loopback 아님).