Hello,

my site was opening Ads when clicking links. I had the security experts from sucuri scan my site and they identified your plugin file as the source.

It’s opening ads like these:
http://www.secretkontaktdienst.com/slp18_1?p=349927&prid=72207&pi=anna

See here for the message from sucuri:

quote

The second thing is that I was able to track down the redirects, here is the evidence:

————————————————————-
http://pornburger.com/ar/out
http://russian-baby.com/US/1/?offer_id=1559&aff_id=7437&url_id=0&aff_sub=1006&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=

————————————————————–

According to my research, these redirects are being initiated by “foucdn.com/c/trdsi”, could you please confirm if you’re aware of this code ?, here is the request:

URL: http://foucdn.com/c/trdsi
Loaded By: http://adult-income.com/wp-content/plugins/frontend-checklist/frontend-checklist.js?ver=fdc87c115e4575a7d72e29475509dd5c:58
Host: foucdn.com
IP: 104.28.24.9
Error/Status Code: 200
Client Port: 4310
Request Start: 1.798 s
DNS Lookup: 183 ms
Initial Connection: 33 ms
Time to First Byte: 2577 ms
Content Download: 0 ms
Bytes In (downloaded): 0.5 KB
Bytes Out (uploaded): 0.3 KB

In addition to that, the code has been located inside of the file “frontend-checklist.js ” located at “wp-content/plugins/frontend-checklist/”

WARN: Found suspicious file: ./wp-content/plugins/frontend-checklist/frontend-checklist.js (NOT CLEANED) – Manual inspection required (custom.search1): Content: ‘foucdn.com/c/trdsi”></script>’);function getCooki’.

Could you please confirm with your developer whether this code is legit ?

/quote

Can you answer the question? Do you know that code?