This is our own list of domainss and IP addresses found in various shell & malicious script used in wordpress website hack. Hacker usually inject small script like a simple html uploader first then they upload shell on the target server. Known shells and script are usually get blocked by the hosting so the hacker upload their small script like the image below then they grab their shell script remotely using the firstly uploaded script to bypass hosting security.


Domain/IP Files Injected in
Date of Detection
managevshare.com Root of server to all subdirectory 10.30.18
27.155.88.190 Root of server to all subdirectory 10.30.18
db.allyouwant.online Every js folder 09.08.18