Cargo · crates.io

keyhog-verifier

DNS / OAST exfiltration: matched "oast.fun"

Why PkgRadar flagged 0.5.40

Severity	Signal	Evidence
high	DNS / OAST exfiltration	matched "oast.fun" · keyhog-verifier-0.5.40/src/oob/client.rs
high	DNS / OAST exfiltration	matched "oast.fun" · keyhog-verifier-0.5.40/src/oob/mod.rs
high	DNS / OAST exfiltration	matched "oast.fun" · keyhog-verifier-0.5.40/src/oob/session.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.5.40`	High risk	55	2026-06-04
`0.5.39`	High risk	55	2026-06-04
`0.5.37`	High risk	55	2026-05-30

Block this in CI

PkgRadar gates keyhog-verifier (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]