WP Beacon

NextScripts

@nextscripts · wordpress.org profile ↗
Member since
2012-03-01
Location
NJ
Employer
NextScripts
Job title
Authored
1
SVN commit access
1
Readme contributor
0
Combined install base
30k+ across 1 plugins

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_pattern NextScripts: Social Networks Auto-Poster Resolved · false_positive_legit_ip_use 2d ago
Slugsocial-networks-auto-poster-facebook-twitter-g
Patternhardcoded_ip_url
Kindbuiltin
Version4.4.7
Hit count1
First hit
File
inc/nxs_class_snap.php
Line
105
Snippet
nxs_cURLTest("http://45.79.4.45/", "HTTPS to NXSA", "NXS");
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "social-networks-auto-poster-facebook-twitter-g",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "4.4.7",
    "hit_count": 1,
    "first_hit": {
        "file": "inc/nxs_class_snap.php",
        "line": 105,
        "snippet": "nxs_cURLTest(\"http://45.79.4.45/\", \"HTTPS to NXSA\", \"NXS\");"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}
Critical code_scan_delta NextScripts: Social Networks Auto-Poster Resolved · false_positive_cdn_known_good 2d ago
Slugsocial-networks-auto-poster-facebook-twitter-g
Previous version4.4.7
Current version4.4.7
New findings
PatternKindFileLineSnippetConfidence
hardcoded_ip_urlbuiltininc/nxs_class_snap.php105nxs_cURLTest("http://45.79.4.45/", "HTTPS to NXSA", "NXS");high
New finding count1
View raw JSON
{
    "slug": "social-networks-auto-poster-facebook-twitter-g",
    "previous_version": "4.4.7",
    "current_version": "4.4.7",
    "new_findings": [
        {
            "pattern": "hardcoded_ip_url",
            "kind": "builtin",
            "file": "inc/nxs_class_snap.php",
            "line": 105,
            "snippet": "nxs_cURLTest(\"http://45.79.4.45/\", \"HTTPS to NXSA\", \"NXS\");",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Medium domain_younger_than_plugin NextScripts: Social Networks Auto-Poster Resolved · no_longer_matches 8d ago
Slugsocial-networks-auto-poster-facebook-twitter-g
Domainnextscripts.net
Domain sourcec2_http_call
Domain registered at2021-06-23
Plugin earliest commit2012-03-02 11:09:36
Plugin latest release2017-10-16 23:49:28
Gap days3,399
Domain age at release-1,345
Active installs30,000
View raw JSON
{
    "slug": "social-networks-auto-poster-facebook-twitter-g",
    "domain": "nextscripts.net",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2021-06-23",
    "plugin_earliest_commit": "2012-03-02 11:09:36",
    "plugin_latest_release": "2017-10-16 23:49:28",
    "gap_days": 3399,
    "domain_age_at_release": -1345,
    "active_installs": 30000
}
Medium domain_younger_than_plugin NextScripts: Social Networks Auto-Poster Resolved · no_longer_matches 8d ago
Slugsocial-networks-auto-poster-facebook-twitter-g
Domainu.to
Domain sourcec2_http_call
Domain registered at2021-11-18
Plugin earliest commit2012-03-02 11:09:36
Plugin latest release2017-10-16 23:49:28
Gap days3,547
Domain age at release-1,493
Active installs30,000
View raw JSON
{
    "slug": "social-networks-auto-poster-facebook-twitter-g",
    "domain": "u.to",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2021-11-18",
    "plugin_earliest_commit": "2012-03-02 11:09:36",
    "plugin_latest_release": "2017-10-16 23:49:28",
    "gap_days": 3547,
    "domain_age_at_release": -1493,
    "active_installs": 30000
}

Plugins authored (1)

Plugin Version Installs Last updated Status
NextScripts: Social Networks Auto-Poster ·social-networks-auto-poster-facebook-twitter-g 4.4.7 30k+ 2mo ago Active

SVN commit access (1)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
NextScripts: Social Networks Auto-Poster nextscripts 30k+ 200 14y ago 2mo ago Active