日常用 ippure.com 干净准确，推荐

I guess most of the CT users often use fonrtun pro extension or xhunt extension (specially in the chinese community this is very popular), people see open source on github and just trust it. so today, I checked both xhunt and frontrun to see what is really going on under the hood and tbh some of this stuff is wild. xhunt is open source, it is true but being open source doesn't always mean safe. their README says "local-only data storage, no sensitive information uploads" which is a straight up lie. i checked the actual code and every single API call sends your real IP address, physical city, ISP and even persistent device fingerprint using FingerprintJS and the full url of every single page you visit on twitter, all going to their server at kb(.)xhunt(.)ai. they hit 4 different IP geolocation services [ipapi(.)co, ip-api(.)com, ipinfo(.)io, ipify(.)org] just to figure out where you are. even worse, they deliberately use RC4 encryption and String.fromCharCode arrays to hide header names like "authorization" and "x-user-id" and "x-window-location-href" from anyone reviewing the code. tbh legit developers don't do that. they also have a completely unrestricted HTTP proxy in the background script (EXECUTE_REQUEST handler) with zero URL validation, means any code can tell your browser to fetch literally anything, your local network, cloud metadata, whatever. and there is an empty wallet injection function already wired up with world:MAIN access just sitting there waiting to be activated. their remote config runs on Alibaba Nacos so they can push changes server-side in minutes without any chrome store review. frontrun is a lil bit different. it hooks into 12 𝕏 GraphQL endpoints : your feed, followers, following, searches, community posts, all of it and monkey-patches fetch, XHR, and WebSocket on 8 crypto platforms. the intercepted API data from 𝕏 and crypto platforms stays in your browser for the overlay, but every time you open a crypto site, frontrun pings Amplitude with the platform name, when you log in it sends your email and name to Amplitude and on errors it uploads logs with your device ID and user agent to their own server at loadbalance(.)frontrun(.)pro but the key difference is that intercepted data mostly stays local in your browser for the overlay UI. it's not being sent to their servers the way xhunt does it. it worth noting that frontrun also uses GrowthBook for remote feature flags so they can change extension behavior server-side without a chrome store update too. but overall, frontrun is much less shady than xHunt in practice. neither extension is stealing your keys or draining wallets today. but the infrastructure is there in the case of xhunt. remote config systems that can push silent changes, aggressive permissions, and in xhunt's case deliberate code obfuscation to hide what they are doing. just be aware of what you are installing.

I guess most of the CT users often use fonrtun pro extension or xhunt extension (specially in the chinese community this is very popular), people see open source on github and just trust it. so today, I checked both xhunt and frontrun to see what is really going on under the hood and tbh some of this stuff is wild. xhunt is open source, it is true but being open source doesn't always mean safe. their README says "local-only data storage, no sensitive information uploads" which is a straight up lie. i checked the actual code and every single API call sends your real IP address, physical city, ISP and even persistent device fingerprint using FingerprintJS and the full url of every single page you visit on twitter, all going to their server at kb(.)xhunt(.)ai. they hit 4 different IP geolocation services [ipapi(.)co, ip-api(.)com, ipinfo(.)io, ipify(.)org] just to figure out where you are. even worse, they deliberately use RC4 encryption and String.fromCharCode arrays to hide header names like "authorization" and "x-user-id" and "x-window-location-href" from anyone reviewing the code. tbh legit developers don't do that. they also have a completely unrestricted HTTP proxy in the background script (EXECUTE_REQUEST handler) with zero URL validation, means any code can tell your browser to fetch literally anything, your local network, cloud metadata, whatever. and there is an empty wallet injection function already wired up with world:MAIN access just sitting there waiting to be activated. their remote config runs on Alibaba Nacos so they can push changes server-side in minutes without any chrome store review. frontrun is a lil bit different. it hooks into 12 𝕏 GraphQL endpoints : your feed, followers, following, searches, community posts, all of it and monkey-patches fetch, XHR, and WebSocket on 8 crypto platforms. the intercepted API data from 𝕏 and crypto platforms stays in your browser for the overlay, but every time you open a crypto site, frontrun pings Amplitude with the platform name, when you log in it sends your email and name to Amplitude and on errors it uploads logs with your device ID and user agent to their own server at loadbalance(.)frontrun(.)pro but the key difference is that intercepted data mostly stays local in your browser for the overlay UI. it's not being sent to their servers the way xhunt does it. it worth noting that frontrun also uses GrowthBook for remote feature flags so they can change extension behavior server-side without a chrome store update too. but overall, frontrun is much less shady than xHunt in practice. neither extension is stealing your keys or draining wallets today. but the infrastructure is there in the case of xhunt. remote config systems that can push silent changes, aggressive permissions, and in xhunt's case deliberate code obfuscation to hide what they are doing. just be aware of what you are installing.

🎥 #juhoon

My @ipinfo @raycast extension just got published to the store. You can: - Get information about your IP address - Get extensive information about any IP address - View all you IP address lookup history with their responses raycast.com/narghev/ipinfo