The package contains obfuscated code to load content from a suspicious external domain in the user's browser