// npm 패키지
@asavie/i18n
SECURITY RESEARCH - Dependency confusion PoC - Authorized bug bounty testing - Contact: daad122@wearehackerone.com
버전
3
메인테이너
1
라이선스
ISC
최초 publish
2026-05-23
publisher
fghdfdvcfb
tarball
3,357 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-23
// exfil path
what is read → where it shipssteals
- ○ home dir
- ○ system info
sends to
- ⇢ d88s0sio12pkd7e76vlghfkt8jfiziu1p.oast.online(oast.online)
- ⚙ dns tunneling(fetches + executes remote payload)
// offending code· @99.0.1· 1 file flagged
llm: malicious · 0.95→ 의심 전송지로 발송: d88s0sio12pkd7e76vlghfkt8jfiziu1p.oast.online.
- @99.0.1··AUTO-PUBLISHED·publisher: fghdfdvcfbheuristic 73/100static flags 4llm malicious (0.95) via ollamainstall-scripts:preinstallnew-publisher:0dsuspicious-description:security-researchreads-homedirreads-system-infodns-tunnelingchild-process-spawn
→ 의심 전송지로 발송: d88s0sio12pkd7e76vlghfkt8jfiziu1p.oast.online.
// NHI intent1 target·mixed harvest patterns·gate: always - AWS IMDS metadata serviceimds-aws
dns.resolve(query, 'A', () => {});
