Nulled Wordpress Optinmonster 2.1.7 Plugin -l Jun 2026

rule Nulled_OptinMonster_217 meta: description = "Detects nulled OptinMonster 2.1.7 with backdoor" hash = "a4f3c8d9e2b1c7a5e9d3f2b1c8a7d4e2" strings: $s1 = "om_dbg" wide ascii $s2 = "94.102.61.78" ascii $s3 = "OptinMonster/NulledBot" ascii $s4 = "pre_http_request" ascii condition: all of them

In includes/license.php , the legitimate version calls optinmonster_api_activate_license() . The nulled version replaces this with: Nulled Wordpress Optinmonster 2.1.7 Plugin -l