Malicious package due to suspicious callback URL, hostname exfiltration, preinstall script execution, and only one published version.
No verification record available.
The package exhibits multiple suspicious behaviors. The index.js file contains a suspicious callback URL (dwpmxufjontejuultjhe0dcw571lqawco.oast.fun), potentially used for data exfiltration, which was detected by both YARA and LLM analysis. The file also attempts to exfiltrate the hostname. Additionally, the package.json file includes a preinstall script that executes node index.js, enabling arbitrary code execution during installation. The package has only one published version, raising further suspicion. The combination of these factors strongly suggests malicious intent.