WP Beacon

moceanapiplugin

@moceanapiplugin · wordpress.org profile ↗
Member since
2018-12-18
Location
Employer
Job title
Authored
7 (2 closed)
SVN commit access
1
Readme contributor
0
Combined install base
60 across 7 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern MoceanAPI Order SMS Notification for WooCommerce Resolved · vendor_self_publishing_moceansms_api 1mo ago
Slugmoceansms-order-sms-notification-for-woocommerce
Patternhardcoded_ip_url
Kindbuiltin
Version1.4.12
Hit count3
First hit
File
lib/MoceanSMS.php
Line
24
Snippet
public $rest_ip_address = 'https://183.81.161.84:443/rest/2';
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "moceansms-order-sms-notification-for-woocommerce",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "1.4.12",
    "hit_count": 3,
    "first_hit": {
        "file": "lib/MoceanSMS.php",
        "line": 24,
        "snippet": "public $rest_ip_address = 'https://183.81.161.84:443/rest/2';"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (7)

Plugin Version Installs Last updated Status
MoceanAPI Order SMS Notification for WooCommerce ·moceansms-order-sms-notification-for-woocommerce 1.4.12 50 8mo ago Active
MoceanAPI SendSMS ·moceanapi-sendsms 1.4.11 10 2y ago Active
MoceanAPI Abandoned Carts for WooCommerce ·moceanapi-abandoned-carts 1.2.0 3y ago Active
MoceanSMS WC Marketplace Extension ·moceanapi-wc-marketplace-extension 1.0.0 Closed
MoceanAPI Woocommerce Product Vendors Extension ·moceanapi-woocommerce-product-vendors-extension 1.0.0 Closed
SMS OTP Easy Login with Mocean ·otp-easy-login-with-mocean 1.1.2 2y ago Active
Easy Caller with Mocean ·easy-caller-with-moceanapi 1.1.0 3y ago Active

SVN commit access (1)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
MoceanAPI Order SMS Notification for WooCommerce moceanapiplugin 50 64 7y ago 8mo ago Active