PkgRadar

PyPI · pypi.org

bbot

DNS / OAST exfiltration: matched "oast.pro"

Why PkgRadar flagged 3.0.0.1271rc0

Severity | Signal | Evidence
high | DNS / OAST exfiltration | matched "oast.pro" · bbot-3.0.0.1271rc0/bbot/core/helpers/interactsh.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
3.0.0.1271rc0 | High risk | 15 | 2026-06-17
2.8.6 | High risk | 22 | 2026-06-17
3.0.0.1254rc0 | High risk | 15 | 2026-06-17
2.8.5 | High risk | 22 | 2026-06-16
3.0.0.1190rc0 | High risk | 15 | 2026-06-16
3.0.0.1184rc0 | High risk | 15 | 2026-06-16
3.0.0.1173rc0 | High risk | 15 | 2026-06-16
3.0.0.1153rc0 | High risk | 15 | 2026-06-15
3.0.0.1141rc0 | High risk | 15 | 2026-06-15
3.0.0.1139rc0 | High risk | 15 | 2026-06-14
3.0.0.1137rc0 | High risk | 15 | 2026-06-13
3.0.0.1079rc0 | High risk | 15 | 2026-06-13
3.0.0.1070rc0 | High risk | 15 | 2026-06-11
3.0.0.1068rc0 | High risk | 15 | 2026-06-10
3.0.0.1064rc0 | High risk | 15 | 2026-06-10
3.0.0.1062rc0 | High risk | 15 | 2026-06-09
3.0.0.1056rc0 | High risk | 15 | 2026-06-09
3.0.0.986rc0 | High risk | 15 | 2026-06-09
3.0.0.981rc0 | High risk | 15 | 2026-06-08
3.0.0.909rc0 | High risk | 15 | 2026-06-08
3.0.0.907rc0 | High risk | 15 | 2026-06-07
3.0.0.903rc0 | High risk | 15 | 2026-06-03
3.0.0.897rc0 | High risk | 15 | 2026-06-01
3.0.0.884rc0 | High risk | 15 | 2026-06-01
3.0.0.876rc0 | High risk | 15 | 2026-06-01
3.0.0.858rc0 | High risk | 15 | 2026-05-30
3.0.0.870rc0 | High risk | 15 | 2026-05-30

Block this in CI

PkgRadar gates bbot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi bbot==3.0.0.1271rc0