This is our own list of domainss and IP addresses found in various shell & malicious script used in wordpress website hack. Hacker usually inject small script like a simple html uploader first then they upload shell on the target server. Known shells and script are usually get blocked by the hosting so the hacker upload their small script like the image below then they grab their shell script remotely using the firstly uploaded script to bypass hosting security.
|Domain/IP||Files Injected in|
|managevshare.com||Root of server to all subdirectory||10.30.18|
|18.104.22.168||Root of server to all subdirectory||10.30.18|
|db.allyouwant.online||Every js folder||09.08.18|