Summary
Multiple hardcoded proxy hostnames ('iLoveJavaScript') indicate malicious intent to redirect traffic and intercept data.
Details
The package contains multiple instances of hardcoded proxy hostnames ('iLoveJavaScript') in connect.js and state_machine.js. This is highly suspicious and suggests an attempt to redirect traffic through an attacker-controlled proxy server, potentially intercepting or modifying data. The multiple occurrences increase the confidence that this is not a benign error.
Evidences
| File | Title | Confidence | |
|---|---|---|---|
package/lib/cmap/connect.js | Suspicious Socks5 Proxy Host | Medium | |
package/lib/client-side-encryption/state_machine.js | Hardcoded Proxy Hostname | Medium |
Analysis performed at Analysis by