Cyber Risk Information Service "D-Alert" (patented)

Access to malicious URLs / receipt of malicious e-mails

Our customers who received the e-mail: 0
Our customers who accessed the URL: 11

2023/11/10
※ Updated 2023/11/10
URLs considered to cause malware infection detected (2023/11/10)
■IoC (※1)

Type: URL / Signature: Formbook
hxxp://zang1[.]almashreaq[.]top/_errorpages/pablozx[.]exe
hxxp://103[.]29[.]3[.]200/W0811T/wininit[.]exe

Type: URL / Signature: Agent Tesla
hxxp://zang1[.]almashreaq[.]top/_errorpages/spacezx[.]exe
hxxp://91[.]92[.]247[.]154/secured/wp/Adobe[.]exe
hxxp://141[.]98[.]10[.]56/260/audiodgs[.]exe
hxxps://api[.]telegram[.]org/bot6269987416:AAG6zNo4-_Q7z6DsD3GSHzWnAtV91tmzqDs/
hxxps://api[.]telegram[.]org/bot6315817429:AAFaWPzyMaqv9eNDTnmSVnPVr3Lwrh4mzqw/
hxxps://discord[.]com/api/webhooks/1171723200741257216/Gcyp-_pKpHXDEZGtrdsBTGVDcc2OYUckNC6AxqbtT3aDfY8F2m1FbeqnjbOgcclH0Zqy
hxxps://cdn[.]discordapp[.]com/attachments/1168491335322447905/1172175066340003922/PO_STH0000514-3pdf[.]7z

Type: URL / Signature: Stealc
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/nss3[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/sqlite3[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/freebl3[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/mozglue[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/vcruntime140[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/softokn3[.]dll
hxxp://77[.]91[.]124[.]154/a5a762673348bc06/msvcp140[.]dll
hxxp://128[.]140[.]84[.]205/3b7d27a7af0da219[.]php
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/nss3[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/mozglue[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/sqlite3[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/vcruntime140[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/freebl3[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/msvcp140[.]dll
hxxp://128[.]140[.]84[.]205/f2d2d42ce0397093/softokn3[.]dll

Type: URL / Signature: LokiBot
hxxp://bagsrad[.]com:8099/yorry/server1[.]exe
hxxp://bagsrad[.]com:7014/qoary/mlight/paid[.]php
hxxp://bagsrad[.]com/qoary/mlight/paid[.]php

Type: URL / Signature: Lumma Stealer
hxxp://naamberso[.]pw/api
hxxp://turankil[.]pw/api

Type: URL / Signature: ClearFake
hxxps://mcguffinboots[.]com/vvmd54/
hxxps://mcguffinboots[.]com/ZgbN19Mx
hxxps://mcguffinboots[.]com/lander/chrome_1695206714/_index[.]php
hxxps://jonathanbonnici[.]com/ZgbN19Mx
hxxps://jonathanbonnici[.]com/vvmd54/

Type: URL / Signature: SmokeLoader
hxxp://79[.]137[.]192[.]18/latestmar[.]exe
hxxp://5[.]42[.]92[.]190/fks/index[.]php

Type: URL / Signature: Kutaki
hxxps://buildingblend[.]com/[.]well-known/Challan[.]zip
hxxps://buildingblend[.]com/wp-content/Payment%20Channel[.]zip

Type: URL / Signature: Amadey
hxxp://194[.]49[.]94[.]67/files/InstallSetup2[.]exe

Type: URL / Signature: Emotet
hxxp://gobo11fc[.]top/build[.]exe
hxxp://gons13fc[.]top/build[.]exe

Type: URL / Signature: Cobalt Strike
hxxp://163[.]181[.]39[.]33/updates[.]rss
hxxp://114[.]132[.]56[.]13:8080/match
hxxp://121[.]40[.]243[.]103:8080/ga[.]js
hxxp://146[.]190[.]72[.]135:8081/activity
hxxp://31[.]44[.]184[.]232/match
hxxp://123[.]60[.]151[.]249/load
hxxp://154[.]204[.]56[.]105:9999/en_US/all[.]js
hxxp://52[.]2[.]208[.]222/fwlink
hxxp://62[.]234[.]54[.]38:8033/RELEASE
hxxps://funtermedia[.]com/Read/_admin/92UMHKQR
hxxps://update[.]twittermisc[.]com/check
hxxp://43[.]139[.]61[.]204/dpixel
hxxp://92[.]63[.]196[.]46:8092/__utm[.]gif
hxxp://101[.]43[.]49[.]244:8888/load
hxxp://92[.]63[.]196[.]45:82/match
hxxp://116[.]62[.]24[.]245/IE9CompatViewList[.]xml
hxxp://92[.]63[.]196[.]45:81/visit[.]js
hxxp://124[.]221[.]76[.]197/cx
hxxp://162[.]14[.]73[.]248:8080/en_US/all[.]js
hxxp://43[.]138[.]118[.]67/dot[.]gif
hxxp://vpn[.]handyfang[.]top:9000/u1Sd
hxxp://150[.]109[.]103[.]16/update
hxxp://156[.]247[.]9[.]31/cx
hxxps://dev[.]theokanegroup[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
hxxp://150[.]109[.]103[.]16:808/check

Type: URL / Signature: Pikabot
hxxp://49[.]13[.]31[.]229/tC1n0/insup
hxxp://49[.]13[.]75[.]67/WTouf67/Gurra
hxxps://aestheticscc[.]com/dan/
hxxps://anyerdeliv[.]com/eip/
hxxps://dorkarindustries[.]com/la/
hxxps://amanet-sector-6-zeus[.]ro/er/
hxxps://bossajazzbrasil[.]com/mnu/
hxxps://erpsolutions[.]asia/smun/
hxxps://examiner[.]org[.]pk/ti/
hxxps://finmen[.]in/min/
hxxps://pawgears[.]com/enu/
hxxps://chiphiduhoc[.]com/sc/
hxxps://cdxcd[.]com/mia/
hxxps://gagapictures[.]com/oiiq/
hxxps://dev[.]njc[.]gov[.]ng/lo/
hxxps://70northair[.]com/ioi/
hxxps://dynomia[.]ca/uel/
hxxps://deesudcoolingtower[.]com/rm/
hxxps://expancio[.]us/ueq/
hxxps://allbase[.]energy/an/
hxxps://ziwatti[.]ac[.]ke/arla/
hxxps://cycling-today[.]live/un/
hxxps://elegantknitting[.]lk/xae/
hxxps://escritordiario[.]online/elau/
hxxps://amtc-dz[.]com/eca/
hxxps://books[.]ttc[.]edu[.]sg/deeq/
hxxps://autolebrija[.]com/si/
hxxps://audiroamaapp[.]com/senp/
hxxps://adnanltd[.]com/dmt/
hxxps://alwahacare[.]com/euq/
hxxps://compunetlimited[.]com/ec/
hxxps://aploza[.]com/nrn/
hxxps://bernalpliego[.]com/reit/
hxxps://annualpost[.]com/cm/
hxxps://advat[.]com[.]ng/itde/
hxxps://clubedetoxdaalma[.]com[.]br/esd/
hxxps://himalayainternational[.]in/teus/
hxxps://zmelectronique[.]store/atec/
hxxps://asociatiaimunis[.]ro/cpt/
hxxps://abcomunicacionesperu[.]com/luu/
hxxps://dapproid[.]com/aipa/
hxxps://eighttimeseight[.]com/eo/
hxxps://fmpmalaysia[.]com/gm/
hxxps://xlevel[.]com[.]ec/ps/
hxxps://caocuongtravel[.]com[.]vn/tli/
hxxps://gandmchapmanpainting[.]com[.]au/rpuo/
hxxps://bluelogic[.]ro/iis/
hxxps://bandcresort[.]com/ue/
hxxps://fingerimpression[.]in/dfco/
hxxps://dzt[.]hr/vi/
hxxps://coachingfinancieroconfidencial[.]com/olv/
hxxps://audit[.]njc[.]gov[.]ng/erm/
hxxps://bigwigbiography[.]com/asle/
hxxps://doutoravanessaramos[.]com[.]br/et/
hxxps://19dm82[.]info/oat/
hxxps://gpcorporate[.]co[.]za/ro/
hxxps://elansquare[.]co/ium/
hxxps://creatify[.]co[.]in/dn/
hxxps://consorciofacil[.]com[.]ar/oile/
hxxps://bitware[.]tec[.]br/ette/
hxxps://afmanagers[.]com[.]ng/vmil/
hxxps://royalrich[.]ro/ns/
hxxps://fakhryfoundation[.]org/aqiu/
hxxps://cruzrojareanima[.]cl/im/
hxxps://cleangreenva[.]com/sbei/
hxxps://dealersuzukisolo[.]com/ea/
hxxps://emandmore[.]hu/qe/
hxxps://doctordentistrebeca[.]ro/be/
hxxps://ahiaapcc[.]ly/ele/
hxxps://associatedwindowcleaners[.]co[.]uk/ldo/
hxxps://appointcenter[.]com/uat/
hxxps://frioborges[.]com[.]ve/cpra/
hxxps://assadara-group[.]com/ntae/
hxxps://capstone-ds[.]com/oaeq/
hxxps://alarko[.]com[.]ar/mt/
hxxps://mhusseinib[.]com/aacu/
hxxps://arthawirawan[.]com/rd/
hxxps://bravemc[.]info/lqso/
hxxps://gconsultores[.]com[.]co/eau/
hxxps://allamehellischool[.]ir/te/
hxxps://eskierproperty[.]com/dua/
hxxps://3dapexdesign[.]com/paam/
hxxps://cotul[.]or[.]tz/ce/
hxxps://alibasi[.]com/qur/
hxxps://agenciasim[.]mx/itdo/
hxxps://chessvalleyautos[.]co[.]uk/teu/
hxxps://ejsplasteringlimited[.]com/sutc/
hxxps://aller[.]com[.]ar/evl/
hxxps://escritordiario[.]com[.]br/ue/
hxxps://babooblack[.]com/uqu/
hxxps://zaakversneller[.]nl/ater/
hxxps://asdf-api[.]com/ihnn/
hxxps://diemdenduhoc[.]net/ra/
hxxps://citycentredubai[.]com/eebe/
hxxps://avd[.]asia/mm/
hxxps://edificiocomercial[.]com[.]br/abo/
hxxps://comfort[.]mk/dact/
hxxps://abcdelectricity[.]com/et/
hxxps://dailygoldsignals[.]com/bse/
hxxps://azarbamdelijan[.]ir/ee/
hxxps://askaindo[.]com/el/
hxxps://etanb[.]com/mta/
hxxps://egdcreation[.]com/std/
hxxps://essentialservicesnsw[.]com/esp/
hxxps://devbitssolutions[.]com/rl/
hxxps://durangos[.]com[.]co/coif/
hxxps://emergencyplumberscroydon[.]co[.]uk/vre/
hxxps://bankextracts[.]com/in/
hxxps://arinosolidale[.]org/oevr/
hxxps://balens[.]com[.]tw/pt/
hxxps://epicyon-kennel[.]hr/in/
hxxps://app[.]b33[.]ma/oucp/
hxxps://almost4x4[.]com/miu/
hxxps://davidsuclea[.]ro/socn/
hxxps://athith[.]sa/rte/
hxxps://d-land[.]pk/uqu/
hxxps://jmbordados[.]com[.]br/ene/
hxxps://fluidpowerservicesng[.]com/issa/
hxxps://ajmanmall[.]com/esp/
hxxps://akshayeewealth[.]com/aptm/
hxxps://thevillagegroup[.]mx/sai/
hxxps://frienddy[.]pro/qbu/
hxxps://carlaperez[.]com[.]br/exri/
hxxps://calenda[.]edu[.]co/dsu/
hxxps://mediplanner-plt[.]com/ies/
hxxps://construtorafantus[.]com[.]br/tta/
hxxps://corpzuniga[.]com/nu/
hxxps://alzein-m[.]com/eldq/
hxxps://blue-digital[.]net/iu/
hxxps://cid[.]mr/das/
hxxps://gitutors[.]co[.]za/ec/
hxxps://eieindonesia[.]com/oqu/
hxxps://dintisorcare[.]ro/eect/
hxxps://dralbuja[.]com/ddlo/
hxxps://crpao[.]ac[.]th/oia/
hxxps://cwhawkins[.]org/lrnh/
hxxps://dpp[.]hn/mree/
hxxps://djgdistribuciones[.]com/tnei/
hxxps://avitamedicina[.]com[.]br/smu/
hxxps://arcrosarquitectura[.]com/aur/
hxxps://sgs-gabon[.]com/outi/
hxxps://dentxl[.]in/bs/
hxxps://atrox[.]pk/so/
hxxps://shohada-sane[.]ir/iin/
hxxps://adminradio[.]net/se/
hxxps://findinit[.]com/ai/
hxxps://balustradeinox[.]info/at/
hxxps://rdmittifaqiah[.]com/ro/
hxxps://damightdata[.]com[.]ng/in/
hxxps://ezmartlk[.]lk/nl/
hxxps://estandaringenieros[.]com[.]pe/onsu/
hxxps://ofiprintsas[.]com/nat/
hxxps://jasmin-studios[.]ro/qii/
hxxps://clubul-tineretului[.]ro/uau/
hxxps://evcol[.]co/uurt/
hxxps://aerotecbi[.]com[.]ar/iam/
hxxps://3inkadvertising[.]com/obll/
hxxps://bnnbee[.]com/or/
hxxps://africanresponse[.]co[.]za/tiu/
hxxps://encore6[.]jig[.]media/pmu/
hxxps://asotic[.]org/imni/
hxxps://elamat[.]co[.]zw/te/
hxxps://cluematrix[.]in/abe/
hxxps://celiapenco[.]com[.]br/sau/
hxxps://bravekonnect[.]com[.]ng/icih/
hxxps://foreverus[.]in/cms/
hxxps://joinvilleseguranca[.]com[.]br/mita/
hxxps://aasanionline[.]com/itn/
hxxps://dublados[.]com[.]br/mi/
hxxps://awana[.]co[.]zw/qeu/
hxxps://chanchalsoft[.]com/iua/
hxxps://repostedjohn[.]com/rcai/
hxxps://belgiumclubsstv[.]be/ui/
hxxps://emporchid[.]com/sam/
hxxps://domesticasia[.]com/atu/
hxxps://dicdoc[.]pro/naug/
hxxps://vepworld[.]com/mps/
hxxps://beauticiousbronze[.]com/udia/
hxxps://centreon[.]net/stet/
hxxps://creativoagencia[.]pe/slm/
hxxps://adzllp[.]com/us/
hxxps://caopositivo[.]com[.]br/it/
hxxps://fortunehills[.]in/so/
hxxps://diresaica[.]gob[.]pe/tq/
hxxps://rydlandtransport[.]no/mtt/
hxxps://icuc-international[.]org/tsau/
hxxps://infaccocr[.]com/do/
hxxps://diliganz[.]lk/eamn/
hxxps://maddoctech[.]com/am/
hxxps://souq-alshashat[.]com/tu/
hxxps://bimmodeling[.]net/cdm/
hxxps://chandakchai[.]com/ga/
hxxps://primetechnologies[.]net[.]pk/uoti/
hxxps://consignadoparatodos[.]com[.]br/qorn/
hxxps://maquinadenegocios[.]com[.]br/ue/
hxxps://htingenieria[.]com[.]mx/al/
hxxps://iemagreen[.]com/eqe/
hxxps://br-360[.]com/eot/
hxxps://globalhunttechnologies[.]in/ii/
hxxps://kamygraphics[.]com/ofut/
hxxps://mypricex[.]com/dl/
hxxps://fivenca[.]com/epet/
hxxps://rabinsld[.]com[.]np/ic/
hxxps://pardeshparcelseva[.]com/nnot/
hxxps://srg[.]az/eau/
hxxps://gpoacclavilla[.]com/qn/
hxxps://myfirstangelgh[.]com/tsu/
hxxps://kurlyplanet[.]com/ost/
hxxps://pbautosrecovery[.]com/asit/
hxxps://breadwater[.]online/ipee/
hxxps://sindicaturadetecate[.]gob[.]mx/msu/
hxxps://centralfinance[.]com[.]np/ium/

Type: URL / Signature: DarkGate
hxxps://professorxavier[.]agr[.]br/wp-content/uploads/mainner/s-nov-VKLADZ4631[.]url

Type: URL / Signature: Socks5 Systemz
hxxp://stim[.]graspalace[.]com/order/tuc19[.]exe

Type: URL / Signature: SystemBC
hxxps://mosamamashhad[.]com/facerein/i[.]exe

Type: URL / Signature: RecordBreaker
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3[.]dll
hxxp://5[.]181[.]159[.]13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140[.]dll

Type: URL / Signature: RedLine Stealer
hxxp://5[.]42[.]92[.]93/39902/from[.]exe
hxxp://5[.]42[.]92[.]93/1002/need[.]exe
hxxp://194[.]49[.]94[.]72/1[.]exe
hxxp://5[.]42[.]92[.]93/i/smo[.]exe
hxxp://185[.]229[.]66[.]214/TrueCrypt_PcLHkL[.]exe

Type: URL / Signature: DCRat
hxxp://118821cm[.]nyashkoon[.]top/nyashsupport[.]php

Type: URL / Signature: DBatLoader
hxxp://185[.]241[.]208[.]231/T0911F/smss[.]exe
※1 Search the "i-FILTER" access logs to identify the affected endpoints. To prevent unintended access, the indicators above have been partially altered (defanged).

■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked under the [脅威情報サイト] (Threat Information Sites) category.
※2 Whether a URL is blocked depends on each product's configuration; refer to the access logs for the actual result.
※3 For encrypted (HTTPS) communications, the SSL Adapter setting must be set to "Use" (利用).