Today I learned that GNU tar does network connections if you say "foo:bar", it tries to resolve "foo". FFS, wasn't the Unix philosophy to do one thing and do it well? Luckily there's a "--force-local" option to GNU tar to avoid it doing remote connections.

Sorry if you're in trouble now, either reviewing your tar calls in your application and whether they can take user input as filename -- or if this was part of your exfiltration or attack on a system.