Report: new malicious domains associated with SQL injection attacks
I’ve been keeping a close eye on Australian web sites that have been affected by malicious SQL injection attacks, specifically concentrating on sites that are ‘repeat offenders’.
One of the repeat offenders is walkingchallenge.gov.au. On that site I found code pointing to the domain ucomddv.com (created today, 2 July 2008), and what may be a new JS naming convention: ngg.js.
A search for ngg.js reveals even more domains: mainbvd.com (created today), cont67.com (created on 1 July 2008) and portwbr.com (created today).
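For site owners who want to check their own pages for these references, the following is an added example and not part of the original report. It assumes the injected code takes the form of a `<script>` tag with a `src` attribute, which the report does not show; the class and function names are hypothetical and the sample markup is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains and script name taken from the report above.
REPORTED_DOMAINS = {"ucomddv.com", "mainbvd.com", "cont67.com", "portwbr.com"}
REPORTED_SCRIPT = "ngg.js"


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag (hypothetical helper)."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def find_suspect_scripts(html):
    """Return (src, reason) for each script reference matching the report."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        parsed = urlparse(src)  # also handles scheme-relative //host/path
        host = (parsed.hostname or "").lower().rstrip(".")
        name = parsed.path.rsplit("/", 1)[-1].lower()
        if any(host == d or host.endswith("." + d) for d in REPORTED_DOMAINS):
            hits.append((src, "reported domain"))
        elif name == REPORTED_SCRIPT:
            hits.append((src, "reported script name on unlisted host"))
    return hits


# Constructed sample page; illustrative markup, not captured from any site.
SAMPLE_PAGE = """
<html><body><h1>Walking tips</h1>
<script src="http://www.ucomddv.com/ngg.js"></script>
<script src="/static/site.js"></script>
<p>Stay active<script src=http://example.net/ngg.js></script></p>
</body></html>
"""

if __name__ == "__main__":
    for src, reason in find_suspect_scripts(SAMPLE_PAGE):
        print(f"{reason}: {src}")
```

Matching on the file name as well as the host catches the same script served from a domain registered after the list was compiled, at the cost of needing a manual look at each hit.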
A close look at the new domains reveals a treasure trove of relational information.
Some of the domains below that can be tied in with the newly created malicious domains have been identified in association with SQL injection incidents. Others have been used for phishing – the bad guys certainly believe in diversity.