Current List Of Malicious Domains Inserted Through SQL Injection
SQL injection vulnerabilities are widely exploited in various websites and used to insert malicious references that redirect users and infect their PCs. Since there are more and more of those attacks reported almost daily, a list of domains used in past and recent massive SQL injections can be very useful for many site owners and users who are trying to research or avoid infections.
Mike Johnson from Shadowserver has published a list that focuses on mass SQL injection attacks and can be used alongside other generic malware lists from www.malwaredomainlist.com or malwaredomains.com. There is no foolproof method to identify whether a website or its database has been infected with malicious code. One way of checking is to search for the specific malicious domains that host the JavaScript and that appear in the malicious references added by mass infection tools.
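As an added example (not part of the original article or of Shadowserver's tooling), the local check described above can be run over a database dump or saved pages: extract every `<script src=...>` host, percent-decode it, and compare it with the blocklist. The function names and the `.example` domains are constructed placeholders, not entries from the list.

```python
import re
from urllib.parse import unquote, urlsplit

# Matches the src value of a <script> tag, quoted or unquoted.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def normalize(host):
    """Percent-decode, lowercase, and drop a leading 'www.' and trailing dot."""
    host = unquote(host).strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def load_blocklist(lines):
    """Accept plain or percent-encoded entries, optionally followed by '(decoded)'."""
    return {normalize(line.split()[0]) for line in lines if line.strip()}

def find_injected_refs(text, blocklist):
    """Return sorted (host, src) pairs for script tags pointing at blocklisted hosts."""
    hits = set()
    for match in SCRIPT_SRC.finditer(text):
        src = match.group(1)
        try:
            raw_host = urlsplit(src).hostname
        except ValueError:
            continue  # malformed URL, nothing to compare
        if not raw_host:
            continue  # relative URL: served from the site itself
        host = normalize(raw_host)
        # Match the listed domain itself and any subdomain of it.
        if any(host == d or host.endswith("." + d) for d in blocklist):
            hits.add((host, src))
    return sorted(hits)

# Constructed sample data: placeholder domains, not entries from the list.
BLOCKLIST = load_blocklist([
    "www.injected-js.example",
    "%62%61%64%2E%65%78%61%6D%70%6C%65 (bad.example)",
])
SAMPLE_DUMP = """
INSERT INTO articles VALUES (1, 'Welcome<script src=http://www.injected-js.example/1.js></script>');
INSERT INTO articles VALUES (2, 'News <SCRIPT SRC="http://%62%61%64%2E%65%78%61%6D%70%6C%65/b.js"></SCRIPT>');
INSERT INTO articles VALUES (3, 'Ok <script src="/static/app.js"></script>');
INSERT INTO articles VALUES (4, 'CDN <script src="https://cdn.good.example/lib.js"></script>');
"""

if __name__ == "__main__":
    for host, src in find_injected_refs(SAMPLE_DUMP, BLOCKLIST):
        print(f"{host}\t{src}")
```

A clean result only means that none of the listed hosts appear in script tags; it does not prove the site is uninfected.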
Here is the list from Shadowserver, updated for September 17:
Do not visit the sites on the list; they might infect your system.
Another method, based on Google, can check whether your domain has been compromised and malicious JavaScript references have been inserted into your website's pages. Simply search for any of the domains in the list, adding Google's “site:” directive to restrict the results to your own domain.
If you know about any other similar resource, or additional domains used to spread malicious code used in SQL injection attacks, please send it to us or post it in comments.
June 30th, 2008 at 11:45 am
Sentinel IPS @ networkcloaking.com protects the webserver from this attack