domain

npm.car-loans.io

Fabricated private npm registry domain in @car-loans README and .npmrc comment (registry=https://npm.car-loans.io). Social engineering artifact confirming target org uses a private npm registry — the precondition for dependency confusion. Not confirmed functional infrastructure.

discovered 2026-05-28

Campaigns

oob-moika-tech-depconf-2026attributed-to

Linked packages

npm@car-loans/mobile-car-loans-applicationcommunicates-with

Read the full analysis →