PersianScript

@persianscript
Member since: 2010-03-27
Location: neyshabur
Employer: PersianScript / Persian Woocommerce
Job title: web designer
Authored: 10 (7 closed)
SVN commit access: 4
Readme contributor: 2
Combined install base: 123k+ across 12 plugins

Alerts (0)

No open alerts.

Resolved alerts (4)
Critical code_pattern افزونه پیامک ووکامرس Persian WooCommerce SMS Resolved · false_positive_legit_ip_use 2d ago
Slug: persian-woocommerce-sms
Pattern: hardcoded_ip_url
Kind: builtin
Version: 7.1.1
Hit count: 17
First hit
File: src/Gateways/PanelChi.php
Line: 11
Snippet: public string $api_url = 'http://185.141.171.123/wbs/send.php?wsdl';
Explanation: plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
Critical code_scan_delta افزونه پیامک ووکامرس Persian WooCommerce SMS Resolved · false_positive_cdn_known_good 2d ago
Slug: persian-woocommerce-sms
Previous version: 7.1.1
Current version: 7.1.1
New findings
Pattern | Kind | File | Line | Snippet | Confidence
hardcoded_ip_url | builtin | src/Gateways/PanelChi.php | 11 | public string $api_url = 'http://185.141.171.123/wbs/send.php?wsdl'; | high
hardcoded_ip_url | builtin | src/Gateways/IdehPayam.php | 34 | $soap = new SoapClient( "http://185.112.33.61/webservice/send.php?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/ChaparPanel.php | 33 | $client = new SoapClient( "http://87.107.121.52/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/RazPayamak.php | 33 | $client = new SoapClient( "http://37.228.138.118/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/NiazPardazCOM.php | 34 | $client = new SoapClient( "http://37.228.138.118/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/LoginPanel.php | 33 | $client = new SoapClient( "http://87.107.121.52/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/YektaTech.php | 34 | $client = new SoapClient( "http://37.228.138.118/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/ParsianSMS.php | 38 | $remote = wp_remote_get( 'http://185.4.31.182/class/sms/webservice/send_url.php?' . $content ); | high
hardcoded_ip_url | builtin | src/Gateways/SMSMeli.php | 35 | $client = new SoapClient( "http://37.228.138.118/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/MehrPanel.php | 33 | $client = new SoapClient( "http://87.107.121.52/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/SMSPishgaman.php | 66 | $client = new nusoap_client( 'http://82.99.216.45/services/?wsdl', true ); | high
hardcoded_ip_url | builtin | src/Gateways/SMSMelli.php | 40 | $remote = wp_remote_get( 'http://185.4.31.182/class/sms/webservice/send_url.php?' . $content ); | high
hardcoded_ip_url | builtin | src/Gateways/GamaPayamak.php | 34 | $client = new SoapClient( "http://37.228.138.118/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/ParandSMS.php | 32 | $client = new SoapClient( "http://87.107.121.52/post/send.asmx?wsdl" ); | high
hardcoded_ip_url | builtin | src/Gateways/SMSBefrest.php | 34 | $client = new SoapClient( "http://87.107.121.52/post/send.asmx?wsdl" ); | high
New finding count: 17
Medium domain_younger_than_plugin افزونه پیامک ووکامرس Persian WooCommerce SMS Resolved · no_longer_matches 8d ago
Slug: persian-woocommerce-sms
Domain: avalpayam.com
Domain source: c2_http_call
Domain registered at: 2025-07-08
Plugin earliest commit: 2014-01-31 17:26:32
Plugin latest release: 2025-11-25 09:48:04
Gap days: 4,175
Domain age at release: 140
Active installs: 40,000
Medium domain_younger_than_plugin افزونه پیامک ووکامرس Persian WooCommerce SMS Resolved · no_longer_matches 8d ago
Slug: persian-woocommerce-sms
Domain: iranpayamak.com
Domain source: c2_http_call
Domain registered at: 2024-07-16
Plugin earliest commit: 2014-01-31 17:26:32
Plugin latest release: 2025-11-25 09:48:04
Gap days: 3,818
Domain age at release: 497
Active installs: 40,000

Plugins authored (10)

Plugin Version Installs Last updated Status
ووکامرس فارسی ·persian-woocommerce 10.0.2 70k+ 2mo ago Active
افزونه پیامک ووکامرس Persian WooCommerce SMS ·persian-woocommerce-sms 7.1.1 30k+ 5mo ago Active
درگاه پرداخت بانک ملت ووکامرس ·mellat-woocommerce 4.2.0 2k+ 4y ago Active
Woocommerce ParsPal Gateway ·parspal-woocommerce 4.0.2 Closed
Persian Add To Social Bookmarking ·ps-add-to-social-bookmarking 1.4 Closed
Woocommerce rashapay Gateway ·rashapay-woocommerce 4.0.2 Closed
persian-add-to-social-bookmarking ·persian-add-to-social-bookmarking Closed
Persian Gravity SMS Pro ·persian-gravity-sms-pro 1.1 Closed
اپلیکیشن ووکامرس ·persian-woocommerce-app 0.1-beta Closed
Woocommerce BitPay Gateway ·payline-woocommerce 4.0.3 Closed

SVN commit access (4)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
افزونه پیامک ووکامرس Persian WooCommerce SMS persianscript 30k+ 117 12y ago 5mo ago Active
ووکامرس فارسی persianscript 70k+ 110 12y ago 2mo ago Active
درگاه پرداخت بانک ملت ووکامرس persianscript 2k+ 15 11y ago 4y ago Active
گرویتی فرم فارسی hannanstd 20k+ 14 6y ago 4mo ago Active

Contributor on other plugins (2)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).