registry  /  ratelimitsucks4  /  2.0.0

ratelimitsucks4@2.0.0

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Opening the packaged web app installs a same-origin service worker and creates a web-proxy controller. Requests under its generated `fairs/` prefix can be relayed through a remote WebSocket transport with request metadata and proxied cookies.

Static reason
One or more suspicious static signals were detected.
Trigger
A user opens `index.html` and the app calls `bootController`.
Impact
A user can be routed through a remote proxy that receives proxied request data and can mediate returned content.
Mechanism
Service-worker interception and remote WebSocket proxying with cookie synchronization.
Rationale
This package is an unexpected, obfuscated browser proxy application rather than a normal library and exposes a remote traffic-mediation capability. The capability is runtime/user-triggered with no install hook or confirmed malicious follow-on behavior, so it warrants a warning rather than a block.
Evidence
package.jsonindex.htmlassets/boot-CVPGRFHh.jsj6k3y8.jsct1tl/jmqwjq.jsct1tl/csbzam.jsct1tl/pap3do.jsbfjdx/757lr8.jsbfjdx/w7m632.wasm
Network endpoints3
www.googletagmanager.com/gtag/js?id=G-0VL3ZSBXDHc.vipersfutbol.com/script.jswss://21baseballacademy.com/fairs/

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10369
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ratelimitsucks4 (npm)
Details
The tarball ships `auto-publish.sh`, a script that republishes the same payload under ~100 distinct npm names (`ishowfeet1`-`ishowfeet20`, `nottuff1`-`nottuff30`, `abuden*`, `imillegal*`, `ratelimitsucks*`, etc/) by rewriting `package.json.name` and running `npm publish --silent` in a loop — namespace-spam infrastructure shipped inside the package itself. The package's declared `main` is `sw.js`, a browser Service Worker (`importScripts('./8cfc2/hgshm.js')`, `self.addEventListener('install'|'activate'|'fetch'|'message')`) that throws immediately if loaded from Node. The shipped assets are a heavily obfuscated Ultraviolet/bare-mux web-proxy frontend with an `index.html` themed as "Riverbend Tutoring" that hides a popunder redirect to `https://abdct.com/` on click/keydown/touchstart. `package.json` declares no `preinstall`/`install`/`postinstall`/`prepare` hooks, and `require('ishowfeet9')` from Node fails before any code runs, so a Node installer experiences no auto-execution. The harm is registry abuse (mass-publication of a misleading name family) and a browser-side proxy/popunder served to whoever later loads these static assets — not installer-side compromise. Routing to human review for namespace-abuse adjudication. ## Source: ghsa-malware (c33bfa060586a5952d56cd4398f18b997929cf718e00b7208dadc76c4e132bd3) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
  • `assets/boot-CVPGRFHh.js` registers `j6k3y8.js` as a service worker at runtime.
  • `assets/boot-CVPGRFHh.js` configures proxy transport to `wss://21baseballacademy.com/fairs/`.
  • `ct1tl/jmqwjq.js` intercepts matching fetches and forwards request URL, headers, body, and referrer through RPC.
  • `ct1tl/csbzam.js` syncs proxied cookies and relays WebSocket/HTTP traffic.
  • `index.html` auto-loads third-party scripts from Google Tag Manager and `c.vipersfutbol.com`.
  • The package is a minified web application with an obfuscated large chat bundle, obscuring this proxy behavior.
Evidence against
  • `package.json` has no lifecycle scripts, dependencies, or executable bin entry.
  • Install does not run the browser assets; activation requires opening the HTML application.
  • No Node child-process, filesystem harvesting, environment-variable access, or local credential-file access was found.
  • No source-confirmed destructive action, remote code loader, or AI-agent control-surface mutation was found.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 24 file(s), 7.27 MB of source, external domains: 127.0.0.1, aomediacodec.github.io, cdn.jsdelivr.net, cloud-api.livekit.io, curl.se, emscripten.org, fingerprint.com, github.com, m1.openfpcdn.io, react.dev, sj-cache.invalid, twemoji.maxcdn.com, www.w3.org, www.zlib.net

Source & flagged code

7 flagged · loading source
assets/proxy-runtime-1NyFshf9.jsView file
1patternName = aws_access_key severity = critical line = 1 matchedText = var OQ=O...B+=`
Critical
Critical Secret

Package contains a critical-looking secret pattern.

assets/proxy-runtime-1NyFshf9.jsView on unpkg · L1
1patternName = aws_access_key severity = critical line = 1 matchedText = var OQ=O...B+=`
Critical
Secret Pattern

AWS access key ID in assets/proxy-runtime-1NyFshf9.js

assets/proxy-runtime-1NyFshf9.jsView on unpkg · L1
bfjdx/757lr8.jsView file
17L18: //# sourceURL=${A}`)();n=c,o=l}else n=g.z$,o=g.Mt;r.construct&&(l.construct=function(e,t,i){let n,s=!1,a={fn:e,this:null,args:t,newTarget:i,return:e=>{s=!0,n=e},call:()=>(s=!0,n=o(... L19: //# sourceURL=${r.url.href}`),n}return o.body;case"style":return(0,i.sM)(await o.text(),e.context,r.meta);case"sharedworker":case"worker":return(0,i.iP)(new Uint8Array(await o.arra...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bfjdx/757lr8.jsView on unpkg · L17
assets/ChatPage-zoA8Z6RX.jsView file
1(function(_0x31bba3,_0x379132){const _0x159e7b={_0x26fc34:0x358,_0x56fc24:0x70c,_0x216b69:0x578,_0x22d6fc:0x60b,_0x33af41:0x2a6,_0x514b56:0x7f9,_0x4ccc4c:0x9d1,_0x35dd24:0xfdf,_0x1...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

assets/ChatPage-zoA8Z6RX.jsView on unpkg · L1
bfjdx/w7m632.wasmView file
path = bfjdx/w7m632.wasm kind = wasm_module sizeBytes = 586279 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

bfjdx/w7m632.wasmView on unpkg
assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
assets/livekit-C0E_jLSz.jsView file
13patternName = generic_password severity = medium line = 13 matchedText = `},e.par...+`\r
Medium
Secret Pattern

Hardcoded password in assets/livekit-C0E_jLSz.js

assets/livekit-C0E_jLSz.jsView on unpkg · L13

Findings

2 Critical3 High6 Medium4 Low
CriticalCritical Secretassets/proxy-runtime-1NyFshf9.js
CriticalSecret Patternassets/proxy-runtime-1NyFshf9.js
HighObfuscated Payload Loaderassets/ChatPage-zoA8Z6RX.js
HighObfuscated
HighShips High Entropy Blobassets/KaTeX_Script-Regular-D3wIWfF6.woff2
MediumDynamic Requirebfjdx/757lr8.js
MediumNetwork
MediumProtestware
MediumShips Wasm Modulebfjdx/w7m632.wasm
MediumStructural Risk Force Deep Review
MediumSecret Patternassets/livekit-C0E_jLSz.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License