WP Beacon

Epeken for Anteraja

anteraja · by epeken · wordpress.org ↗ · SVN ↗
Active installs
40
Current version
2.2
Added
2021-05-04
Last updated
2026-05-17 (26d ago)
First seen by beacon
1mo ago
Total downloads
4,584

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · vendor_self_publishing_epeken_anteraja_courier 2026-05-08 16:17:16 (1mo ago)
Sluganteraja
Patternhardcoded_ip_url
Kindbuiltin
Version2.2
Hit count1
First hit
File
epeken-anteraja.php
Line
86
Snippet
$server = 'http://103.252.101.131';
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "anteraja",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "2.2",
    "hit_count": 1,
    "first_hit": {
        "file": "epeken-anteraja.php",
        "line": 86,
        "snippet": "$server = 'http://103.252.101.131';"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

SVN committers (2)

Accounts with actual commit access to anteraja on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
epeken 2015-04-05 1 2021-05-04 · r2525715 2026-05-17 · r3534332
plugin-master 2007-03-09 1 2021-05-03 · r2525609 2021-05-03 · r2525609

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
epeken 2015-04-05 1 commits Active

Versions (17 most recent)

Version Released Download
2.2 2026-05-17 · 26d ago zip
2.1 2025-01-20 · 1y ago zip
2.0 2024-09-05 · 1y ago zip
1.9.9 2023-02-20 · 3y ago zip
1.9.8 2023-02-10 · 3y ago zip
1.9.7 2022-06-11 · 4y ago zip
1.9.6 2022-04-27 · 4y ago zip
1.9.5 2022-04-24 · 4y ago zip
1.9.4 2022-03-19 · 4y ago zip
1.9.3 2021-12-21 · 4y ago zip
1.9.2 2021-09-27 · 4y ago zip
1.9.1 2021-08-09 · 4y ago zip
1.9 2021-08-06 · 4y ago zip
1.1.1 2021-08-06 · 4y ago zip
1.1 2021-07-13 · 4y ago zip
1.0.1 2021-06-13 · 5y ago zip
1.0.0 2021-05-05 · 5y ago zip