























This browser-based checker determines whether a domain name or IP address appeared in the exploitation evidence reviewed by Ctrl-Alt-Intel in our blog Chinese actor compromises thousands of Wordpress sites. Results are separated into four evidence levels:
The value entered below is normalized and hashed inside the browser. It is compared against a static, hash-prefix lookup table; the entered domain or IP address is not sent to a lookup service.
A match does not necessarily mean the website remains compromised today. It means the supplied domain or IP address appears in the preserved local evidence at the stated confidence level.
Where available, the checker provides:
A no match result only means the normalized value was absent from this dataset. It is not proof that the site was never scanned, targeted, exploited, or compromised.
Recurring filenames include:
.bd.php
.wp-log.php
.sys_log.php
sfl_bk.php
.auto.php
.sd.php
.sd_*.php
.leo_??????????.php
.brq-*.php
.wvp-*.php
.cc-*.php
.nf-log.php
Recurring directories include:
/wp-content/uploads/breeze/gravatars/
/wp-content/uploads/trx_addons/
/wp-content/cache/berqwp/
/wp-content/uploads/simple-file-list/
/wp-content/uploads/ninja-forms/
Search web logs for:
/wp-content/plugins/simple-file-list/ee-upload-engine.php
/wp-content/plugins/simple-file-list/ee-file-engine.php
/wp-content/plugins/berqwp/store_javascript_cache.php
/wp-json/gutenkit/v1/install-active-plugin
/wp-json/hc/v1/themehunk-import
Search admin-ajax.php bodies for:
beplus_import_pack_install_plugin
breeze_fetch_gravatar
fetch_gravatar_from_remote
trx_addons_uploads_save_data
nf_upload_file
nf_fu_upload
gfmu-plupload-submit
fc_ajax_call
waveplayer_create_local_copy
wpbookit_add_booking_type
dnd_codedropz_upload
sneeit_articles_pagination
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。