Backdoor in Captcha Plugin Affects 300K WordPress Sites
Tags
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Search Engines - T1593.002 Whois - T1596.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 49849592-5d8c-409c-a89f-c8cbf3d23457 |
| Fingerprint | 8499881300a0e543 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 19, 2017, 7:41 p.m. |
| Added to db | Jan. 19, 2023, 12:02 a.m. |
| Last updated | Nov. 18, 2024, 9:30 a.m. |
| Headline | Backdoor in Captcha Plugin Affects 300K WordPress Sites |
| Title | Backdoor in Captcha Plugin Affects 300K WordPress Sites |
| Detected Hints/Tags/Attributes | 36/1/48 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | simplywordpress.net |
|
| Details | Domain | 7 | hotmail.co.uk |
|
| Details | Domain | 11 | viewdns.info |
|
| Details | Domain | 1 | unsecuredloans4u.co.uk |
|
| Details | Domain | 1 | www.viewdns.info |
|
| Details | Domain | 1 | pingloans.co.uk |
|
| Details | Domain | 1 | heyrank.co.uk |
|
| Details | Domain | 1 | ns1.heyrank.co.uk |
|
| Details | Domain | 1 | ns2.heyrank.co.uk |
|
| Details | Domain | 1 | www.digitalunite.com |
|
| Details | Domain | 1 | www.serpable.co.uk |
|
| Details | Domain | 1 | codelabs.group |
|
| Details | Domain | 1 | leadbrain.co.uk |
|
| Details | Domain | 1 | loanload.co.uk |
|
| Details | Domain | 1 | pounda.co.uk |
|
| Details | Domain | 142 | wordpress.org |
|
| Details | 1 | scwellington@hotmail.co.uk |
||
| Details | 1 | viewdns.info/reversewhois/?q=scwellington@hotmail.co.uk |
||
| Details | File | 1 | 'cptch_wp_auto_update.php |
|
| Details | File | 1 | captcha_pro_update.php |
|
| Details | File | 1 | plugin-update.php |
|
| Details | File | 9 | wp-blog-header.php |
|
| Details | File | 6 | pluggable.php |
|
| Details | File | 1 | captcha_free_update.php |
|
| Details | File | 10 | viewdns.inf |
|
| Details | File | 1 | sw_popup_free_update.php |
|
| Details | File | 1 | swpopup.php |
|
| Details | File | 1 | sw_popup_pro_update.php |
|
| Details | IPv4 | 1 | 195.154.179.176 |
|
| Details | Url | 1 | https://simplywordpress.net/captcha/captcha_pro_update.php |
|
| Details | Url | 1 | https://simplywordpress[dot]net/captcha/captcha_pro_update.php |
|
| Details | Url | 1 | https://simplywordpress.net/captcha/captcha_free_update.php |
|
| Details | Url | 1 | https://simplywordpress[net]net/captcha/captcha_free_update.php |
|
| Details | Url | 1 | http://viewdns.info/reversewhois/?q=scwellington@hotmail.co.uk |
|
| Details | Url | 1 | http://www.viewdns.info/dnsreport/?domain=simplywordpress.net |
|
| Details | Url | 1 | http://www.viewdns.info/dnsreport/?domain=unsecuredloans4u.co.uk |
|
| Details | Url | 1 | http://simplywordpress.net/recaptcha2 |
|
| Details | Url | 1 | http://simplywordpress.net/swpopup |
|
| Details | Url | 1 | http://simplywordpress.net/recaptcha1 |
|
| Details | Url | 1 | http://simplywordpress.net/recaptcha1/sw_popup_free_update.php |
|
| Details | Url | 1 | http://heyrank.co.uk/plugintool/recaptcha2/sw_popup_pro_update.php |
|
| Details | Url | 1 | https://www.digitalunite.com/users/stacy-wellington |
|
| Details | Url | 1 | http://www.serpable.co.uk |
|
| Details | Url | 1 | http://viewdns.info/dnsreport/?domain=codelabs.group |
|
| Details | Url | 1 | http://viewdns.info/dnsreport/?domain=leadbrain.co.uk |
|
| Details | Url | 1 | http://loanload.co.uk |
|
| Details | Url | 1 | http://pingloans.co.uk |
|
| Details | Url | 1 | http://pounda.co.uk |