Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs and receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URL: 1
2025/01/29
※ Updated 2025/01/29
Detected URLs believed to lead to malware infection (2025/01/29)
■ IoC (※1)
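※1 Search the "i-FILTER" access logs to identify the affected endpoints. The URLs have been partially altered to prevent unintended access.

■ Product support status (※2)
▽ i-FILTER (※3)
・Can be blocked under the [脅威情報サイト] (Threat Information Sites) category

※2 Whether a URL is blocked depends on each product's configuration, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to 「利用」 (Use).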