惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

Ctrl-Alt-Intel

Burnt by Burgers: Highlighting Void Blizzard’s Russian State Links Chinese actor compromises thousands of Wordpress sites South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940) Watch Guard! Qilin affiliate exploits network appliances for initial access KongTuke on compromised WordPress sites, DDOS Botnets and Cybercriminal Feuds Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis Supply-Chain Attacks, TP-Link devices & a pair of socks The BuddyBoss Attack: Claude’s Supply-Chain Attack The BuddyBoss Attack: Full Incident Analysis Inside the UPMI Phishing-as-a-Service Platform FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops MuddyWater Exposed: Inside an Iranian APT operation Investigating Suspected DPRK-Linked Crypto Intrusions Diesel Vortex: Exploring connections to Russian LLCs Aeternum Loader: When your C2 lives forever Aeternum Loader: Inside the binary ErrTraffic Under the Hood: A look at the source code
Wordpress Exploitation Exposure Checker
Ctrl-Alt-Intel · 2026-06-22 · via Ctrl-Alt-Intel

Check a domain or IP address

This browser-based checker determines whether a domain name or IP address appeared in the exploitation evidence reviewed by Ctrl-Alt-Intel in our blog Chinese actor compromises thousands of Wordpress sites. Results are separated into four evidence levels:

  • Targeted - present in a vulnerability-specific target list.
  • Suspected - scanner-positive behavior was recorded, but executable access was not verified.
  • Validated - an upload or later verification succeeded, with weaker proof than the confirmed tier.
  • Confirmed - strict marker, command output, arithmetic proof, or authenticated web-shell evidence was recorded.

The value entered below is normalized and hashed inside the browser. It is compared against a static, hash-prefix lookup table; the entered domain or IP address is not sent to a lookup service.

Interpreting the result

A match does not necessarily mean the website remains compromised today. It means the supplied domain or IP address appears in the preserved local evidence at the stated confidence level.

Where available, the checker provides:

  • the associated CVE or locally documented exploitation chain;
  • the strongest observed status;
  • specific web-shell paths;
  • vulnerability-specific remediation guidance; and
  • practical hunting suggestions.

A no match result only means the normalized value was absent from this dataset. It is not proof that the site was never scanned, targeted, exploited, or compromised.

Threat Hunting

File and path indicators

Recurring filenames include:

.bd.php
.wp-log.php
.sys_log.php
sfl_bk.php
.auto.php
.sd.php
.sd_*.php
.leo_??????????.php
.brq-*.php
.wvp-*.php
.cc-*.php
.nf-log.php

Recurring directories include:

/wp-content/uploads/breeze/gravatars/
/wp-content/uploads/trx_addons/
/wp-content/cache/berqwp/
/wp-content/uploads/simple-file-list/
/wp-content/uploads/ninja-forms/

Request indicators

Search web logs for:

/wp-content/plugins/simple-file-list/ee-upload-engine.php
/wp-content/plugins/simple-file-list/ee-file-engine.php
/wp-content/plugins/berqwp/store_javascript_cache.php
/wp-json/gutenkit/v1/install-active-plugin
/wp-json/hc/v1/themehunk-import

Search admin-ajax.php bodies for:

beplus_import_pack_install_plugin
breeze_fetch_gravatar
fetch_gravatar_from_remote
trx_addons_uploads_save_data
nf_upload_file
nf_fu_upload
gfmu-plupload-submit
fc_ajax_call
waveplayer_create_local_copy
wpbookit_add_booking_type
dnd_codedropz_upload
sneeit_articles_pagination