CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 20th, 2008

Current List Of Malicious Domains Inserted Through SQL Injection

SQL injection vulnerabilities are widely exploited in various websites and used to insert malicious references that redirect users and infect their PCs. Since there are more and more of those attacks reported almost daily, a list of domains used in past and recent massive SQL injections can be very useful for many site owners and users who are trying to research or avoid infections.

Mike Johnson from Shadowserver has published a list that focuses on mass SQL injection attacks and can be used alongside the generic malware lists from www.malwaredomainlist.com or malwaredomains.com. There is no foolproof method to identify whether a website or its database has been infected with malicious code. One way of checking is to search for the specific malicious domains that host the JavaScript and are pointed to by the malicious references added by mass infection tools.

Here is the list from Shadowserver, updated for September 17:


Do not visit those sites; they might infect your system.

Another method, based on Google, can check whether your domain has been compromised and malicious JavaScript references have been inserted into your website's pages. Simply search for any of the domains in the list, adding Google's “site:” directive with your own domain.
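A local version of the same check, as an added example that is not part of the original article: it scans page output or exported database text for `<script>` and `<iframe>` references whose host is on a blocklist, decoding percent-encoded hostnames, a form some entries in the Shadowserver list take. The blocklist entries, sample page and function names are constructed for illustration, and treating a listed `www.` name as covering the bare domain and its subdomains is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed placeholder entries; in practice load the published list.
BLOCKLIST = {"www.bad-example.test", "evil-cdn.example"}

def normalize_host(src):
    """Lower-case, percent-decoded host of a src value, or None if relative."""
    try:
        host = urlsplit(src.strip()).hostname
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return None
    return unquote(host).lower().rstrip(".") if host else None

def is_blocklisted(host, blocklist):
    """True if host is a listed domain or a subdomain of one ("www." ignored)."""
    bare = {d.lower()[4:] if d.lower().startswith("www.") else d.lower()
            for d in blocklist}
    labels = host.split(".")
    return any(".".join(labels[i:]) in bare for i in range(len(labels)))

class SrcCollector(HTMLParser):
    """Collects src attributes of <script> and <iframe> tags."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.refs += [(tag, v) for k, v in attrs if k == "src" and v]

def scan(text, blocklist=BLOCKLIST):
    """Return (tag, host, raw_src) for every reference to a listed domain."""
    parser = SrcCollector()
    parser.feed(text)
    parser.close()
    found = ((tag, normalize_host(src), src) for tag, src in parser.refs)
    return [hit for hit in found if hit[1] and is_blocklisted(hit[1], blocklist)]

# Constructed sample: page output with two injected references.
SAMPLE = """<h1>Products</h1><script src="/js/site.js"></script>
<p>Blue widget<script src=http://www.bad-example.test/b.js></script></p>
<p>Red widget<script src="http://%65%76%69%6c-cdn.example/1.js"></script></p>
<script src="https://cdn.example.org/lib.js"></script>"""

if __name__ == "__main__":
    for tag, host, src in scan(SAMPLE):
        print(f"{tag}: {host} <- {src}")
```

Run it over rendered pages and over text columns exported from the database, since the injected references are stored in the data rather than in the site's template files.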

If you know about any other similar resource, or additional domains used to spread malicious code used in SQL injection attacks, please send it to us or post it in comments.


    One Response to “Current List Of Malicious Domains Inserted Through SQL Injection”

    1. Greg Martin Says:
      June 30th, 2008 at 11:45 am

      Sentinel IPS @ networkcloaking.com protects the webserver from this attack

