VDB
GCVE-110-OSM-2026-5920
GCVE-110-OSM-2026-5920
Advisory PublishedCVSS 9.6/10
This package is an SEO-spam and affiliate-link-farm operation using npm as a static hosting vehicle. The entrypoint index.html contains Chinese-language SEO metadata targeting adult gossip/piracy audiences ('黑料网', '91视频', '50度灰') with affiliate redirect URLs across multiple suspicious TLDs (.top, .xyz, .icu): e.g., https://c7f6.apqmzcru.top/chan/h57170/6Edmj and https://p3.ylzajgm.xyz/?aff_code=6Edmj. The publisher 'thiencotrilien6688' has published 16 near-identical packages (182-6run through 182-29run) in a rapid burst consistent with SEO spam farming, and one sibling package (182-23run) is already confirmed malicious in OSM. The URL at https://node12.aizhantj.com:21233/tjjs/?k=18k6tpxdnsx matches a tracking/analytics beacon pattern typical of affiliate fraud. The package presents no legitimate library functionality — its entire purpose is deploying SEO-poisoned HTML with monetized redirect chains.
ENTRY
index.html (main: index.html)
ADDITIONAL FINDINGS
- Suspicious TLD Domain in index.js: "https://c7f6.apqmzcru.top"
- Publisher Has Other Malicious Packages
- Rapid Version Publishing
PAYLOAD FILES
index.js
INDICATORS (IOCs)
- ipv6: F::
- urls: https://c7f6.apqmzcru.top/chan/h57170/6Edmj, https://p3.ylzajgm.xyz/?aff_code=6Edmj#/, https://seselu.icu, https://6bce.djhfhuo.top/aff-2gfE, https://15bc.fkrglzoc.top/aff-E75A (+8 more)
- domains: 6bce.djhfhuo.top, 15bc.fkrglzoc.top, node12.aizhantj.com, 182.run
- payloadFileHash: 974572bebb28754d33a8cbca721c51cd5459541a24b817148b88e8a0f5744c13
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | 182run | all (affected) | — |
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.