Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 20th, 2008

Current List Of Malicious Domains Inserted Through SQL Injection

SQL injection vulnerabilities are widely exploited in various websites and used to insert malicious references that redirect users and infect their PCs. Since there are more and more of those attacks reported almost daily, a list of domains used in past and recent massive SQL injections can be very useful for many site owners and users who are trying to research or avoid infections.

Mike Johnson from Shadowserver has published a list that is focused on mass SQL injection attacks and can be used with other generic malware lists from or There is no full proof method to identify if a website or its database has been infected with malicious code. One way of checking it is by searching for the specific malicious domains hosting the JavaScript and pointed out by the malicious references added by mass infection tools.

Here is the list from Shadowserver, updated for September 17:
%6b%6b%36%2e%75%73 (
%73%61%79%38%2E%75%73 (
%66%75%63%6B%75%75%2E%75%73 (
%61%2E%6B%61%34%37%2E%75%73 (
%61%31%38%38%2E%77%73 (
%33%2E%74%72%6F%6A%61%6E%38%2E%63%6F%6D (
%6D%31%31%2E%33%33%32%32%2E%6F%72%67 (

Do not visit those sites, they might infect your system.

Another method based on Google can check if your domain has been compromised and malicious Javascript references have been inserted on your website pages. Simply search by any of the domains in the list adding the Google’s “site:” directive specifying your own domain.

If you know about any other similar resource, or additional domains used to spread malicious code used in SQL injection attacks, please send it to us or post it in comments.


Students who have done 650-575 and 642-523 have the names of these domains on their finger tips because of doing 000-223 and 642-503. Someone who has only done 70-272 may not be aware of them though.

Share this article with others:

More on CyberInsecure:
  • New Lateral SQL Injection Method To Hack Oracle Database
  • Database Compromised Through SQL Injection, Localized Website Versions Also Affected
  • Mass SQL Injection Attack Infects Over 28,000 Pages, Including iTunes Podcast
  • New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack
  • Savannah Free Software Collaborative Development Platform Hacked, Accounts Compromised Through SQL Injection

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Current List Of Malicious Domains Inserted Through SQL Injection

    One Response to “Current List Of Malicious Domains Inserted Through SQL Injection”

    1. Greg Martin Says:
      June 30th, 2008 at 11:45 am

      Sentinel IPS @ protects the webserver from this attack

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.