@bolloon/bolloon-agent8 versions·0.1.16→0.1.28
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// Code execution / obfuscation
pattern: hex-decode
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
21 packages flagged with this pattern (30 total publish events, collapsed by publisher+name). Newest first.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.
Zero Knowledge Provable JSON
The Aztec CLI `aztec-cli` is a command-line interface (CLI) tool for interacting with Aztec. It provides various commands for deploying contracts, creating accounts, interacting with contracts, and retrieving blockchain data.
Aztec is a package that allows for a simple development environment on Aztec stack. It creates a Private eXecution Environment (PXE) that listens for HTTP requests on `localhost:8080` by default. When started, it deploys all necessary L1 Aztec contracts a
This package includes end-to-end tests that cover Aztec's main milestones. These can be run locally either by starting anvil on a different terminal.
This package provides configuration and code for common chain operations such as contract deployment etc.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ Credential read (reads-apple-cloudkit) paired with http-to-public-ip destination — classic exfiltration signature.
Quasarr connects JDownloader with Radarr, Sonarr and Magazarr. It also decrypts links protected by CAPTCHAs.
Interface utility for performance monitoring and diagnostic reporting.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s).
Enterprise-grade utilities with enhanced validation and compatibility layer
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Enterprise-grade utilities with enhanced validation and compatibility layer
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Enterprise-grade utilities with enhanced validation and compatibility layer
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Enterprise-grade utilities with enhanced validation and compatibility layer
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
通达信 TCP 协议行情数据客户端,支持在线行情与离线本地数据读取
→ Hardcoded public IP destination: 180.153.18.170, 124.71.187.122, 180.153.18.171, 180.153.18.172, 119.147.212.81, 115.238.56.198, 115.238.90.165, 218.75.126.9, 47.107.75.159, 59.175.238.38, 110.41.147.114, 110.41.2.72, 101.33.225.16, 175.178.112.197, 175.178.128.227, 43.139.95.83, 124.223.163.242, 122.51.120.217, 150.158.160.2, 123.60.164.122, 111.229.247.189, 124.70.199.56, 62.234.50.143, 81.70.151.186, 82.156.214.79, 159.75.29.111, 43.139.18.171, 81.71.32.47, 122.51.232.182, 118.25.98.114, 121.36.225.169, 123.60.70.228, 123.60.73.44, 124.70.133.119, 124.71.187.72, 119.97.185.59, 129.204.230.128, 101.42.240.54, 124.71.9.153, 123.60.84.66, 111.230.186.52, 101.0.0.43 (not RFC1918 / loopback).
MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.
→ Sends to suspicious destination(s): webhook.site.