domain-admin@1.6.78
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
// Code execution / obfuscation
pattern: long-base64-literal
Packages that contain a base64 string longer than 200 characters as a string literal. Almost always an encoded second-stage payload that gets decoded and executed at runtime.
11 packages flagged with this pattern (16 total publish events, collapsed by publisher+name). Newest first.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Unified LLM API with automatic model discovery and provider configuration
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
This package includes end-to-end tests that cover Aztec's main milestones. These can be run locally either by starting anvil on a different terminal.
This package provides configuration and code for common chain operations such as contract deployment etc.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ Credential read (reads-apple-cloudkit) paired with http-to-public-ip destination — classic exfiltration signature.
QAECY UI Web Components
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Advanced email sender
FINK Orchestrator Core - Enterprise Installer
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Vendored dependencies to fix ERR_REQUIRE_ESM.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Galaxybase 团队的图分析资产包
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).