This is our own list of domains and IP addresses found in various shells and malicious scripts used in WordPress website hacks. Hackers usually inject a small script first, such as a simple HTML uploader, and then upload a shell to the target server. Known shells and scripts usually get blocked by the hosting provider, so the hacker uploads a small script like the one in the image below and then uses that first script to fetch the shell remotely, bypassing the hosting security.

Domain/IP            | Files Injected in                  | Date of Detection
managevshare.com     | Root of server to all subdirectory | 10.30.18
db.allyouwant.online | Every js folder                    | 09.08.18
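
To check a site for the domains in the list above, the following added example (not code from this page's author) walks a WordPress directory tree and reports every file and line that references one of them. The file suffixes it reads and the sample tree in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators copied from the table on this page.
INDICATORS = ["managevshare.com", "db.allyouwant.online"]
# File types worth reading in a WordPress tree (assumption; extend as needed).
SUFFIXES = (".php", ".js", ".html", ".htm", ".htaccess")
# Match a listed domain (or a subdomain of it) as a whole host name only,
# so "managevshare.community" or "notmanagevshare.com" do not count as hits.
PATTERN = re.compile(
    r"(?<![A-Za-z0-9-])("
    + "|".join(re.escape(d) for d in INDICATORS)
    + r")(?![A-Za-z0-9-])",
    re.IGNORECASE,
)

def scan_tree(root):
    """Return sorted (relative_path, line_no, indicator) hits under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        for m in PATTERN.finditer(line):
                            hits.append((rel, line_no, m.group(1).lower()))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(hits)

def demo():
    """Scan a constructed sample tree (not real site data) and return hits."""
    samples = {
        "index.php": "<?php /* constructed */ $u = 'http://managevshare.com/'; ?>\n",
        "wp-includes/js/app.js": "var ok = 1;\nvar u = '//DB.allyouwant.online/x';\n",
        "wp-includes/js/clean.js": "var u = 'https://managevshare.community/';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, line_no, indicator in demo():
        print(f"{rel}:{line_no}: {indicator}")
```

On a real site, call `scan_tree()` with the web root path; a hit in a file that should be stock WordPress core is a reason to compare that file against a clean copy of the same release.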