PROBABLY_PENTEST (1) campaign cataloged at 2025-02-05(2).

1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-02-pxz

Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the same uploader use confusing names, clearly suggesting the intention to harvest data from unintentional installations.

Abuse categories

basic_exfiltration

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

typosquatting

Campaign uses typosquatting.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• 35.170.187.220

Packages in the campaign

campaign:2025-02-pxz

• inkpy-jinja
• lightgboost
• nflx-metaflow
• pxz