Cyber risk information service Dアラート (patented)

Access to malicious URLs and receipt of malicious e-mails

Our customers who received the e-mail: 0
Our customers who accessed the URL: 5
2023/12/04
※Updated 2023/12/04
Detected URLs believed to cause malware infection (2023/12/04)
■IoC (※1)
※1 Search the "i-FILTER" access logs to identify the affected endpoints. Some values have been altered to avoid unwanted access.
■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked under the [Threat Information Sites] category.
※2 Whether blocking takes place depends on each product's settings, so refer to the access logs for the actual result.
※3 For encrypted communications, the SSL Adapter setting must be set to "Use".