Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs and receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URL: 1
2024/04/30
※ Updated 2024/04/30
Detected URLs believed to infect visitors with malware (2024/04/30)
■ IoC (※1)
Type: URL
Signature: DCRat, Cobalt Strike, Bashlite, Agent Tesla, Quasar RAT, AsyncRAT, Formbook, Coinminer, Stealc, CloudEyE, KrBanker, Unidentified 111 (Latrodectus), FAKEUPDATES, XOR DDoS, Amadey, LokiBot, Umbral, XWorm, Coper, Meterpreter, BlankGrabber, Sliver, MooBot, Remcos, Venom RAT, Lumma Stealer, zgRAT, RedLine Stealer, IRATA, Rhadamanthys, SmartLoader, SpyNote, NjRAT, SmokeLoader, NetSupportManager RAT, LockBit, Mars Stealer, Phemedrone Stealer
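※1 Search the "i-FILTER" access logs to identify the affected endpoints. To prevent unintended access, parts of the URLs have been altered.

■ Product support status (※2)
▽ i-FILTER (※3)
・Can be blocked with the [Threat Information Sites] category

※2 Whether an access is blocked depends on each product's configuration, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to "利用" (Use).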