// Suspicious network destinations

Public-IP HTTP exfiltration

pattern: http-to-public-ip

Packages that POST or GET to a hardcoded public IPv4 literal — not a hostname, not RFC1918 / loopback. Strong indicator of attacker-controlled command-and-control infrastructure.

1 package flagged with this pattern. Newest first.

AUTO-PUBLISHED/npm/2026-05-04
react-dom-helper@1.0.0
by k4nx9zfp82
steals →npm tokenAWS keys
reads-aws-credsreads-npmrcreads-homedirhttp-to-public-ip
→ Credential read (reads-aws-creds, reads-npmrc) paired with http-to-public-ip destination — classic exfiltration signature.
weekly
—
/wk
llm verdict

malicious 0.95

h-score

83

patterns

4

size

412 B

Public-IP HTTP exfiltration

react-dom-helper@1.0.0