T1102
Web Service
discovered 2025-08-12Abuses legitimate web services for staging and C2: gofile.io anonymous file hosting, Cloudflare quick-tunnel (trycloudflare.com) for multiple distinct tunnels (delivery, exfil API, secondary download, WebSocket RAT, shellcode), ipinfo.io for geolocation, Discord API for token validation.
Seen in packages
- npm tensorflowjsuses
- npm nxuses
- npm @nx/jsuses
- npm @ctrl/tinycoloruses
- npm @zapier/zapier-sdkuses
- npm @asyncapi/specsuses
- npm @quick-start-soft/quick-markdown-printuses
- npm @quick-start-soft/quick-markdownuses
- npm @quick-start-soft/quick-remove-image-backgrounduses
- npm @quick-start-soft/quick-git-clean-markdownuses
- npm @quick-start-soft/quick-document-translatoruses
- npm @quick-start-soft/quick-markdown-imageuses
- npm @quick-start-soft/quick-task-refineuses
- npm @asyncapi/modelinauses
- npm posthog-react-nativeuses
- npm posthog-nodeuses
- npm @postman/secret-scanner-wasmuses
- npm @postman/csv-parseuses
- npm @postman/node-keytaruses
- npm @postman/tunnel-agentuses
- npm @postman/wdio-allure-reporteruses
- npm @postman/postman-mcp-cliuses
- npm @postman/mcp-ui-clientuses
- npm @postman/wdio-junit-reporteruses
- npm @postman/pm-bin-macos-arm64uses
- npm @postman/pm-bin-linux-x64uses
- npm @postman/aether-iconsuses
- npm pino-sdk-v2uses
- npm axiosuses
- npm mgcuses
- pypi hermes-pxuses
- npm dom-utils-liteuses
- npm centraloggeruses
- npm js-logger-packuses
- npm ixpresso-coreuses
- npm godsplanuses
- npm eyevoxuses
- npm @cap-js/sqliteuses
- npm @cap-js/postgresuses
- npm @cap-js/db-serviceuses
- npm mbtuses
- npm npm-global-utiluses
- npm common-tg-serviceuses
- npm ams-sskuses
- npm martinez-polygon-clipping-tonyuses
- npm iceberg-javascriptuses
- npm supabase-javascriptuses
- npm auth-javascriptuses
- npm microsoft-applicationinsights-commonuses
- npm ms-graph-typesuses
- npm ai-figureuses
- npm amapcnuses
- npm @antv/a8uses
- npm @antv/adjustuses
- npm @antv/algorithmuses
- npm @antv/async-hookuses
- npm @antv/attruses
- npm @antv/avauses
- npm @antv/ava-reactuses
- npm @antv/awardsuses
- npm @antv/calendar-heatmapuses
- npm @antv/chart-linteruses
- npm @antv/chart-node-g6uses
- npm @antv/chart-visualization-skillsuses
- npm @antv/ckbuses
- npm @antv/color-schemauses
- npm @antv/color-utiluses
- npm @antv/componentuses
- npm @antv/coorduses
- npm @antv/d3-coloruses
- npm @antv/d3-interpolateuses
- npm @antv/data-samplesuses
- npm @antv/data-setuses
- npm @antv/data-wizarduses
- npm @antv/dipper-componentuses
- npm @antv/dipper-hooksuses
- npm @antv/dipper-mapuses
- npm @antv/dom-utiluses
- npm @antv/dumi-theme-antvuses
- npm @antv/dw-analyzeruses
- npm @antv/dw-randomuses
- npm @antv/dw-transformuses
- npm @antv/dw-utiluses
- npm @antv/event-emitteruses
- npm @antv/expruses
- npm @antv/f2uses
- npm @antv/f2-algorithmuses
- npm @antv/f2-canvasuses
- npm @antv/f2-contextuses
- npm @antv/f2-graphicuses
- npm @antv/f2-myuses
- npm @antv/f2-reactuses
- npm @antv/f2-siteuses
- npm @antv/f2-vueuses
- npm @antv/f2-wordclouduses
- npm @antv/f2-wxuses
- npm @antv/f6uses
- npm @antv/f6-alipayuses
- npm @antv/f6-coreuses
- npm @antv/f6-elementuses
- npm @antv/f6-hammerjsuses
- npm @antv/f6-pluginuses
- npm @antv/f6-uiuses
- npm @antv/f6-wxuses
- npm @antv/f-chartsuses
- npm @antv/f-engineuses
- npm @antv/f-lottieuses
- npm @antv/f-myuses
- npm @antv/f-reactuses
- npm @antv/f-test-utilsuses
- npm @antv/f-vueuses
- npm @antv/f-wxuses
- npm @antv/g2uses
- npm @antv/g2-brushuses
- npm @antv/g2-extension-3duses
- npm @antv/g2-extension-avauses
- npm @antv/g2-extension-plotuses
- npm @antv/g2plotuses
- npm @antv/g2plot-schemasuses
- npm @antv/g2-plugin-slideruses
- npm @antv/g2-ssruses
- npm @antv/guses
- npm @antv/g6uses
- npm @antv/g6-alipayuses
- npm @antv/g6-cliuses
- npm @antv/g6-coreuses
- npm @antv/g6-editoruses
- npm @antv/g6-elementuses
- npm @antv/g6-extension-3duses
- npm @antv/g6-extension-reactuses
- npm @antv/g6-mobileuses
- npm @antv/g6-pcuses
- npm @antv/g6-pluginuses
- npm @antv/g6-plugin-map-viewuses
- npm @antv/g6-pluginsuses
- npm @antv/g6-react-nodeuses
- npm @antv/g6-ssruses
- npm @antv/g6-wxuses
- npm @antv/gatsby-themeuses
- npm @antv/g-baseuses
- npm @antv/g-camera-apiuses
- npm @antv/g-canvasuses
- npm @antv/g-canvaskituses
- npm @antv/g-compatuses
- npm @antv/g-componentsuses
- npm @antv/g-css-layout-apiuses
- npm @antv/g-css-typed-om-apiuses
- npm @antv/g-device-apiuses
- npm @antv/g-dom-mutation-observer-apiuses
- npm @antv/geo-coorduses
- npm @antv/g-gestureuses
- npm @antv/gi-assets-advanceuses
- npm @antv/gi-assets-algorithmuses
- npm @antv/gi-assets-basicuses
- npm @antv/gi-assets-galaxybaseuses
- npm @antv/gi-assets-graphscopeuses
- npm @antv/gi-assets-hugegraphuses
- npm @antv/gi-assets-janusgraphuses
- npm @antv/gi-assets-neo4juses
- npm @antv/gi-assets-sceneuses
- npm @antv/gi-assets-tugraphuses
- npm @antv/gi-assets-tugraph-analyticsuses
- npm @antv/gi-assets-xlabuses
- npm @antv/gi-cliuses
- npm @antv/gi-common-componentsuses
- npm @antv/g-image-exporteruses
- npm @antv/gi-mock-datauses
- npm @antv/gi-public-datauses
- npm @antv/gi-sdkuses
- npm @antv/gi-sdk-appuses
- npm @antv/gi-theme-antduses
- npm @antv/github-config-cliuses
- npm @antv/g-layout-blocklikeuses
- npm @antv/g-liteuses
- npm @antv/gl-matrixuses
- npm @antv/g-lottie-playeruses
- npm @antv/g-mathuses
- npm @antv/g-mobileuses
- npm @antv/g-mobile-canvasuses
- npm @antv/g-mobile-canvas-elementuses
- npm @antv/g-mobile-svguses
- npm @antv/g-mobile-webgluses
- npm @antv/g-patternuses
- npm @antv/g-perfuses
- npm @antv/g-plugin-3duses
- npm @antv/g-plugin-a11yuses
- npm @antv/g-plugin-annotationuses
- npm @antv/g-plugin-box2duses
- npm @antv/g-plugin-canvaskit-rendereruses
- npm @antv/g-plugin-canvas-path-generatoruses
- npm @antv/g-plugin-canvas-pickeruses
- npm @antv/g-plugin-canvas-rendereruses
- npm @antv/g-plugin-controluses
- npm @antv/g-plugin-css-selectuses
- npm @antv/g-plugin-device-rendereruses
- npm @antv/g-plugin-dom-interactionuses
- npm @antv/g-plugin-dragndropuses
- npm @antv/g-plugin-gestureuses
- npm @antv/g-plugin-gpgpuuses
- npm @antv/g-plugin-html-rendereruses
- npm @antv/g-plugin-image-loaderuses
- npm @antv/g-plugin-matterjsuses
- npm @antv/g-plugin-mobile-interactionuses
- npm @antv/g-plugin-physxuses
- npm @antv/g-plugin-rough-canvas-rendereruses
- npm @antv/g-plugin-rough-svg-rendereruses
- npm @antv/g-plugin-svg-pickeruses
- npm @antv/g-plugin-svg-rendereruses
- npm @antv/g-plugin-webgl-deviceuses
- npm @antv/g-plugin-webgl-rendereruses
- npm @antv/g-plugin-webgpu-deviceuses
- npm @antv/g-plugin-yogauses
- npm @antv/g-plugin-zdog-canvas-rendereruses
- npm @antv/g-plugin-zdog-svg-rendereruses
- npm @antv/gpt-visuses
- npm @antv/gpt-vis-ssruses
- npm @antv/graphinuses
- npm @antv/graphin-componentsuses
- npm @antv/graphin-graphscopeuses
- npm @antv/graphin-iconsuses
- npm @antv/graphlibuses
- npm @antv/g-shader-componentsuses
- npm @antv/g-svguses
- npm @antv/g-web-animations-apiuses
- npm @antv/g-web-componentsuses
- npm @antv/g-webgluses
- npm @antv/g-webgl-computeuses
- npm @antv/g-webgpuuses
- npm @antv/g-webgpu-compileruses
- npm @antv/g-webgpu-coreuses
- npm @antv/g-webgpu-engineuses
- npm @antv/g-webgpu-raytraceruses
- npm @antv/g-webgpu-unitchartuses
- npm @antv/hierarchyuses
- npm @antv/infographicuses
- npm @antv/insight-componentuses
- npm @antv/interactionuses
- npm @antv/istanbuluses
- npm @antv/knowledgeuses
- npm @antv/l7uses
- npm @antv/l7-componentuses
- npm @antv/l7-composite-layersuses
- npm @antv/l7-coreuses
- npm @antv/l7-districtuses
- npm @antv/l7-drawuses
- npm @antv/l7-editoruses
- npm @antv/l7-extension-g-layeruses
- npm @antv/l7-layersuses
- npm @antv/l7-leafletuses
- npm @antv/l7-mapuses
- npm @antv/l7-mapkituses
- npm @antv/l7-mapsuses
- npm @antv/l7-miniuses
- npm @antv/l7-passuses
- npm @antv/l7plotuses
- npm @antv/l7plot-componentuses
- npm @antv/l7-reactuses
- npm @antv/l7-rendereruses
- npm @antv/l7-sceneuses
- npm @antv/l7-sourceuses
- npm @antv/l7-threeuses
- npm @antv/l7-utilsuses
- npm @antv/larkmapuses
- npm @antv/layout-gpuuses
- npm @antv/layout-wasmuses
- npm @antv/li-aiearth-assetsuses
- npm @antv/li-analysis-assetsuses
- npm @antv/li-core-assetsuses
- npm @antv/li-editoruses
- npm @antv/li-p2uses
- npm @antv/li-sam-assetsuses
- npm @antv/li-sdkuses
- npm @antv/lite-insightuses
- npm @antv/matrix-utiluses
- npm @antv/mcp-server-antvuses
- npm @antv/mcp-server-chartuses
- npm @antv/my-f2uses
- npm @antv/my-f2-pcuses
- npm @antv/narrative-text-editoruses
- npm @antv/narrative-text-schemauses
- npm @antv/narrative-text-visuses
- npm @antv/path-utiluses
- npm @antv/react-guses
- npm @antv/s2uses
- npm @antv/s2-reactuses
- npm @antv/s2-react-componentsuses
- npm @antv/s2-ssruses
- npm @antv/s2-vueuses
- npm @antv/samuses
- npm @antv/scaleuses
- npm @antv/semantic-release-pnpmuses
- npm @antv/smart-coloruses
- npm @antv/statuses
- npm @antv/t8uses
- npm @antv/thumbnailsuses
- npm @antv/thumbnails-componentuses
- npm @antv/torchuses
- npm @antv/translatoruses
- npm @antv/utiluses
- npm @antv/vendoruses
- npm @antv/vis-predict-engineuses
- npm @antv/webgpu-graphuses
- npm @antv/word-scale-chartuses
- npm @antv/wx-f2uses
- npm @antv/x6uses
- npm @antv/x6-angular-shapeuses
- npm @antv/x6-commonuses
- npm @antv/x6-componentsuses
- npm @antv/x6-geometryuses
- npm @antv/x6-plugin-clipboarduses
- npm @antv/x6-plugin-dnduses
- npm @antv/x6-plugin-exportuses
- npm @antv/x6-plugin-historyuses
- npm @antv/x6-plugin-keyboarduses
- npm @antv/x6-plugin-minimapuses
- npm @antv/x6-plugin-scrolleruses
- npm @antv/x6-plugin-selectionuses
- npm @antv/x6-plugin-snaplineuses
- npm @antv/x6-plugin-stenciluses
- npm @antv/x6-plugin-transformuses
- npm @antv/x6-reactuses
- npm @antv/x6-react-componentsuses
- npm @antv/x6-react-shapeuses
- npm @antv/x6-vectoruses
- npm @antv/x6-vue3-shapeuses
- npm @antv/x6-vue-shapeuses
- npm @antv/xflowuses
- npm @antv/xflow-coreuses
- npm @antv/xflow-diffuses
- npm @antv/xflow-extensionuses
- npm @antv/xflow-hookuses
- npm ast-pluginuses
- npm babel-plugin-versionuses
- npm boring-avatars-vanillauses
- npm byte-parseruses
- npm canvas-nest.jsuses
- npm echarts-for-reactuses
- npm filesize.jsuses
- npm fixed-rounduses
- npm gantt-for-reactuses
- npm jest-canvas-mockuses
- npm jest-date-mockuses
- npm jest-electronuses
- npm jest-expectuses
- npm jest-less-loaderuses
- npm jest-random-mockuses
- npm jest-url-loaderuses
- npm limit-sizeuses
- npm lint-mduses
- npm lint-md-cliuses
- npm @lint-md/cliuses
- npm @lint-md/coreuses
- npm @lint-md/parseruses
- npm mcp-echartsuses
- npm mcp-mermaiduses
- npm mizuses
- npm onfire.jsuses
- npm react-adsenseuses
- npm relationship.jsuses
- npm ribbon.jsuses
- npm size-sensoruses
- npm slice.jsuses
- npm timeago.jsuses
- npm timeago-reactuses
- npm uri-parseuses
- npm word-widthuses
- npm xmorseuses
- pypi durabletaskuses
- npm polymarket-trading-cliuses
- npm polymarket-terminaluses
- npm polymarket-tradeuses
- npm polymarket-auto-tradeuses
- npm polymarket-copy-tradinguses
- npm polymarket-botuses
- npm polymarket-claude-codeuses
- npm polymarket-ai-agentuses
- npm polymarket-traderuses
- npm faster-axiosuses
- npm turbo-axiosuses
- crates oneringuses
Campaigns
- No Specific Campaignattributed-to
- s1ngularity nx Build System Compromiseattributed-to
- Shai-Huludattributed-to
- tanvisoul9 npm Backdoorsattributed-to
- Contagious Interviewattributed-to
- fucktestpad npm Malwareattributed-to
- Mini Shai-Huludattributed-to
- shetty123 Telegram Hijackattributed-to
- Claude Code Hook Backdoorsattributed-to
- Crypto Wallet Drainersattributed-to
- Epsilon Axios Typosquat Campaignattributed-to
