WP Beacon

Yektanet Ecommerce

yektanet-ecommerce · by ynproduct · wordpress.org ↗ · SVN ↗
Active installs
900
Current version
1.1.6
Added
2022-02-07
Last updated
2023-12-19 (2y ago)
First seen by beacon
11d ago
Total downloads
21,803

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · false_positive_legit_ip_use 2026-04-30 15:25:31 (2d ago)
Slugyektanet-ecommerce
Patternhardcoded_ip_url
Kindbuiltin
Version1.1.6
Hit count2
First hit
File
settings/vars.php
Line
8
Snippet
$product_update_api_url = 'http://87.247.185.150/products';
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "yektanet-ecommerce",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "1.1.6",
    "hit_count": 2,
    "first_hit": {
        "file": "settings/vars.php",
        "line": 8,
        "snippet": "$product_update_api_url = 'http://87.247.185.150/products';"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

SVN committers (2)

Accounts with actual commit access to yektanet-ecommerce on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
ynproduct Young account 2022-01-30 10 2022-02-07 · r2674197 2023-12-19 · r3011769
plugin-master 2007-03-09 1 2022-02-02 · r2671714 2022-02-02 · r2671714

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
ynproduct 2022-01-30 10 commits Active

Versions (8 most recent)

Version Released Download
1.1.6 2023-12-19 · 2y ago zip
1.1.5 2023-07-12 · 2y ago zip
1.1.4 2022-03-12 · 4y ago zip
1.1.3 2022-02-20 · 4y ago zip
1.1.2 2022-02-19 · 4y ago zip
1.1.1 2022-02-19 · 4y ago zip
1.1.0 2022-02-16 · 4y ago zip
1.0.0 2022-02-16 · 4y ago zip