Md. Toriqul Mowla

Member since: 2014-10-02
Location: Dhaka, Bangladesh
Employer: IMJOL
Job title: CEO
Authored: 14 (5 closed)
SVN commit access: 1
Readme contributor: 0
Combined install base: 6k+ across 14 plugins

Alerts (0)

No open alerts.

Resolved alerts (1)

Critical · code_pattern · SoftTech-IT bKash, Rocket, Nagad · Resolved · false_positive_legit_ip_use · 2d ago
Slug: bkash
Pattern: hardcoded_ip_url
Kind: builtin
Version: 2.4
Hit count: 1
First hit: index.php, line 82
Snippet: ( http://66.45.237.70/api.php )</p>
Explanation: plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`); legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
Raw JSON:
{
    "slug": "bkash",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "2.4",
    "hit_count": 1,
    "first_hit": {
        "file": "index.php",
        "line": 82,
        "snippet": "( http://66.45.237.70/api.php )</p>"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

Plugins authored (14)

| Plugin | Version | Installs | Last updated | Status |
|---|---|---|---|---|
| SoftTech-IT bKash, Rocket, Nagad · bkash | 2.4 | 6k+ | 1y ago | Active |
| WPBatch Awesome Slider · wpbatch-awesome-slider | 1.0 | 10 | 11y ago | Active |
| WPBatch icons Shortcode · wpbatch-icons-shortcode | 1.0 | 10 | 11y ago | Active |
| WPBatch simple Slider · wpbatch-simple-slider | 1.0 | 10 | 11y ago | Active |
| WPBatch Scroll to Top · wpbatch-scroll-to-top | 1.0 | 10 | 11y ago | Active |
| scroll to top plugin · batch25-scroll-to-top | 1.0 | | | Closed |
| ST Members List · st-members-list | 1.0 | | 10y ago | Active |
| Standard Employee List · standard-employee-list | 1.0 | | 10y ago | Active |
| Gridster Custom · gridster-portfolio | 1.0 | | 9y ago | Active |
| WPBatch Facebook Like Box · wpbatch-facebook-like-box | 1.0 | | | Closed |
| WPBatch Gallery Slideshow · wpbatch-gallery-slideshow | 1.0 | | 11y ago | Active |
| wpbatch-photo-album · wpbatch-photo-album | | | | Closed |
| WPBatch Portfolio · wpbatch-portfolio | 1.0 | | | Closed |
| wpbatch-post-slider · wpbatch-post-slider | | | | Closed |

SVN commit access (1)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

| Plugin | Primary author | Installs | Commits | First | Latest | Status |
|---|---|---|---|---|---|---|
| SoftTech-IT bKash, Rocket, Nagad | sujon3g | 6k+ | 29 | 9y ago | 1y ago | Active |