Confirmed source: main-F3P7IW5C.js — 6 addEventListener("message") with NO event.origin validation.
Attacker domain: attack.netfragile.store | Target: 1inch.network
// 6 message listeners — NONE check event.origin:
addEventListener("message",function(t){
const n=t.data.method,r=t.data.id,e=t.data.arg;
if(n in P&&"function"==typeof P[n]) // executes method from message data
...
});
addEventListener("message",this.handleMessage.bind(this))
// handleMessage processes rrweb events from any source