D アラート情報｜サイバーリスク情報提供サービス「D アラート」

不正URLへのアクセス、不正メールの受信

メール受信した 弊社お客様0社 URLアクセスした 弊社お客様6社: 2024/05/09
※2024/05/09 更新
マルウェア感染させると考えられるURLを検知（2024/05/09）

■IoC（※1）



Type:
IOC:
Signature:


URL
hxxp://38[.]255[.]42[.]91/mxnwd[.]vbs
hxxp://192[.]3[.]179[.]142/44556/HJCL[.]exe
hxxp://192[.]3[.]179[.]142/xampp/wksh/veryhappytoseeherthingstogetitsbackwithlotofthingssurewewillbebacksoonandeverythinggogreatwithout___happeingkisses[.]doc
hxxp://188[.]127[.]225[.]225/30990/EVA[.]txt
hxxps://paste[.]ee/d/Leqxg
hxxp://188[.]127[.]225[.]225/30990/ev/atruewinnerhereforthetruethingstohappenedwhatkindofbeautifulthingitsisverybeautifulimagesheretocreatenewone___tounderstandtheimagesgoodfor[.]doc
hxxp://188[.]127[.]225[.]225/30990/browserflowerimagesample[.]jpg
Remcos


URL
hxxps://penetratedworrsyw[.]shop/api
hxxp://193[.]233[.]132[.]56/lend/conhost[.]exe
hxxp://185[.]235[.]137[.]54/file/update[.]exe
hxxps://whispedwoodmoodsksl[.]shop/api
Lumma Stealer


URL
hxxps://kyrtasarim22[.]net/MjE3ZTBjN2RmM2M4/
hxxps://kyrtasarim22[.]com/MjE3ZTBjN2RmM2M4/
hxxps://kyrtasarim33[.]com/MjE3ZTBjN2RmM2M4/
Coper


URL
hxxps://valentinedaycard[.]com/bvxny6R6
hxxps://valentinedaycard[.]com/8OtaBr/
hxxps://currentsilverprice[.]com/8OtaBr/
hxxps://currentsilverprice[.]com/bvxny6R6
hxxps://waytowealth[.]org/8OtaBr/
hxxps://waytowealth[.]org/bvxny6R6
hxxps://teachabletutorials[.]com/8OtaBr/
hxxps://teachabletutorials[.]com/bvxny6R6
hxxps://listwisconsin[.]com/bvxny6R6
hxxps://listwisconsin[.]com/8OtaBr/
hxxps://voicelesson[.]org/8OtaBr/
hxxps://voicelesson[.]org/bvxny6R6
hxxps://debtavailable[.]com/8OtaBr/
hxxps://debtavailable[.]com/bvxny6R6
ClearFake


URL
hxxp://172[.]245[.]208[.]36/20777/hjv[.]exe
hxxp://172[.]245[.]208[.]36/xampp/bg/verygoodnewisshewasreadytomarrythepersonwhoshelovedalotwithentirethingssheisverybeautifulwomenwhosheloved____sheisbeautifulgirlssheis[.]doc
hxxp://www[.]qeintechnologies[.]com/NmBkxeAZlIrfpt226[.]bin
hxxp://www[.]qeintechnologies[.]com/ySuxi164[.]bin
hxxp://87[.]121[.]105[.]54/uZSXwWgeEgRsNXGAa146[.]bin
hxxp://87[.]121[.]105[.]54/Wonderment[.]inf
hxxp://146[.]70[.]113[.]142/zVruSzQypzXRhqHDQYTzq247[.]bin
hxxp://193[.]239[.]86[.]203/xGzvfQQaLW3[.]bin
hxxp://167[.]160[.]166[.]205/WBnzJPbEs18[.]bin
hxxp://167[.]160[.]166[.]205/XnPTd121[.]bin
hxxp://167[.]160[.]166[.]205/LkTupLMJe71[.]bin
hxxp://45[.]137[.]22[.]110/IGmUGQPdScBTGw229[.]bin
hxxp://192[.]3[.]109[.]149/xampp/gh/beautifulgirlsarerememberingthepersonwhoshelovedalotbecasusesheislovingthepersonisverybeautifulpersonn___sheisgreatgirliknow[.]doc
hxxp://www[.]qeintechnologies[.]com/IYiwE0[.]bin
CloudEyE


URL
hxxp://192[.]3[.]216[.]154/20778/hjv[.]exe
hxxp://104[.]168[.]33[.]34/33660/htm[.]exe
hxxp://104[.]168[.]33[.]34/xampp/bcc/bc/attractivesthingsmusthappenedalwayswithmetogetitbackeverythinggoodforusbeautifuldaystartingwithme___tounderstandhowimporatntitistomeforentirethigs[.]doc
hxxp://192[.]3[.]216[.]154/xampp/vg/verygoodmorningwecreatedagoodideatowalkupearlymronignfromthesleppsheisbeautifulsoiwknow___howmuchshelovedher[.]doc
hxxps://api[.]telegram[.]org/bot6107178761:AAHgabxzERKwr-kmuctjwK7hlO5aXFWx-vU/
hxxps://api[.]telegram[.]org/bot5967521781:AAFM9TWkFoveAFBEBJsmTEG-0oQtcRWcbVE/
hxxps://api[.]telegram[.]org/bot7120261306:AAEr4-KVB7u5Io5QXqJOespukUAYWvA7it0/
hxxps://api[.]telegram[.]org/bot7185330984:AAEhcUODBdkvuF0o7sB49L4zfsoWtQ10tyA/
hxxps://api[.]telegram[.]org/bot7166327996:AAGPihVNd1ShcG_CmE24Dqt8T2_CJLtBA7k/
hxxps://paste[.]ee/d/VrRVp
hxxp://139[.]99[.]162[.]245/verycuteflowerpictureimage[.]jpg
hxxp://139[.]99[.]162[.]245/wecreatedflowerbasedlandwhichverybeautifulandcuteforeveryonetovisitatimeperioditsgreatforourproject___sheisbeautifulgirlforme[.]doc
hxxp://139[.]99[.]162[.]245/tryandsee[.]txt
hxxps://api[.]telegram[.]org/bot7134623757:AAG14l2IijdHtUMTQB8PlsH-2xdwM6WlmzQ/
Agent Tesla


URL
hxxps://hkrha[.]colo[.]oystergarden[.]net/editContent
hxxps://scsvc[.]colo[.]oystergarden[.]net/editContent
FAKEUPDATES


URL
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/msvcp140[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/softokn3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/freebl3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/nss3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/sqlite3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/mozglue[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/vcruntime140[.]dll
Stealc


URL
hxxps://bitbucket[.]org/testerrrrrrrrrrr888/retsettttttt522222/downloads/en[.]exe
hxxp://147[.]45[.]198[.]80/AlterableStockstill[.]exe
RedLine Stealer


URL
hxxp://193[.]233[.]132[.]56/lend/main0506[.]exe
hxxp://065963cm[.]nyashkoon[.]top/ExternalvmSecuresqlWindowsTrackDatalife[.]php
hxxp://199[.]231[.]191[.]222/42public4/base/Test0CentralVideo/datalifePythondbflower/Bigloadprovider/2dle/0private/authLine6/Request4/ProvidervideoRequestflowerTraffictesttrackTemporary[.]php
hxxp://77[.]221[.]157[.]108/Python4/cdnDownloads/baseJavascript/provider5Trafficwindows/5dump/7WindowsWindowsDatalife/Auth8/GeneratorvideobasePhp/Mariadbphp/Multidefault/1dumpcentral5/flowerapitrackProcessor/CpujsMultiBetter/3Uploads/DleUploads0multi/Sqlpython/4External/Http/Better8Geo/PhpRequestLinuxpublic[.]php
hxxp://005514cm[.]n9shteam1[.]top/pythontrack[.]php
DCRat


URL
hxxp://193[.]233[.]132[.]56/lend/jgyesfersg[.]exe
SystemBC


URL
hxxp://193[.]233[.]132[.]56/lend/swiy[.]exe
Mars Stealer


URL
hxxp://45[.]153[.]243[.]219/sh
hxxp://103[.]109[.]37[.]155/fuckjewishpeople[.]arm6
hxxp://103[.]14[.]226[.]21/fuckjewishpeople[.]arm6
Bashlite


URL
hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a628ffa13c9e695
hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12eab517aa5c96bd86e99d874f865a8bbc896c58e713bc90c91b36b5281fc235a925ed3e55d6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff810c5ee909832c46f
hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1ee8889b5e4fa9281ae978a371ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffa10c5ed9c9232
hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12eab517aa5c96bd86eb968349805a8bbc896c58e713bc90c94b36b5281fc235a925ed3e00d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee909b3ecf669e1f
Socks5 Systemz


URL
hxxp://seadrill[.]top/kelvin/five/fre[.]php
hxxp://sempersim[.]su/d4/fre[.]php
hxxp://sempersim[.]su/d1/fre[.]php
LokiBot


URL
hxxps://api[.]telegram[.]org/bot6800672014:AAFjIhthNxpYeDLxh4u9CJvqMfisOhMGH6M/sendMessage?chat_id=6542615755
DarkCloud


URL
hxxp://88[.]214[.]26[.]29:8001/activity
hxxps://47[.]116[.]211[.]207/ptj
hxxp://120[.]27[.]131[.]3/visit[.]js
hxxps://111[.]230[.]12[.]238/pixel
hxxps://124[.]222[.]141[.]231:1443/load
hxxps://103[.]150[.]10[.]45:8443/visit[.]js
hxxp://118[.]194[.]233[.]185/updates[.]rss
hxxps://3se9ewodke339f0e83[.]connectivitytests[.]com/load
hxxp://60[.]204[.]217[.]11:9998/j[.]ad
hxxp://124[.]222[.]141[.]231:8080/IE9CompatViewList[.]xml
hxxps://117[.]72[.]8[.]192/c/msdownload/update/others/2024/05/9Dv7AyHg1Ag2KwO30_
hxxp://8[.]134[.]80[.]227/ChromeUpdate/ShellEx/index[.]php
hxxps://23[.]95[.]65[.]198/load
hxxp://210[.]114[.]11[.]173:806/load
hxxp://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x
hxxps://124[.]221[.]181[.]157:8443/cx
hxxp://101[.]43[.]43[.]245/ca
hxxps://47[.]99[.]177[.]59:7443/cm
hxxp://47[.]109[.]49[.]229:8887/pixel[.]gif
hxxp://111[.]230[.]98[.]22:9999/push
hxxps://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x
hxxp://49[.]235[.]118[.]195/match
hxxp://52[.]215[.]189[.]95/load
hxxp://54[.]67[.]45[.]193/ptj
hxxp://47[.]92[.]96[.]144/IE9CompatViewList[.]xml
hxxp://8[.]130[.]133[.]34/ptj
hxxp://8[.]130[.]102[.]101/g[.]pixel
hxxp://111[.]231[.]15[.]198/__utm[.]gif
hxxp://119[.]91[.]231[.]57:8080/fwlink
Cobalt Strike


URL
hxxp://119[.]45[.]223[.]112:81/mimi[.]exe
MimiKatz


URL
hxxp://a0980222[.]xsph[.]ru/1[.]exe
hxxp://193[.]222[.]96[.]124:7287/5[.]hta
hxxp://193[.]222[.]96[.]124:7287/4[.]hta
hxxp://193[.]222[.]96[.]124:7287/1[.]hta
AsyncRAT


URL
hxxps://164[.]155[.]241[.]15/ready[.]apk
hxxp://38[.]55[.]251[.]253/ready[.]apk
hxxp://164[.]155[.]241[.]15/ready[.]apk
SpyNote


URL
hxxp://193[.]222[.]96[.]143:7287/[.]hta
hxxp://193[.]222[.]96[.]143:7287/xx[.]bat
hxxp://193[.]222[.]96[.]124:7287/xD[.]bat
hxxp://193[.]222[.]96[.]124:7287/3[.]hta
hxxp://193[.]222[.]96[.]124:7287/2[.]hta
Venom RAT


URL
hxxp://trustadvisorygroup[.]com/2022/11/26/pet-skunk-legal-in-california
GootLoader


URL
hxxp://78[.]153[.]140[.]96/kinsing2
hxxp://78[.]153[.]140[.]96/ni[.]sh
hxxp://78[.]153[.]140[.]96/cp[.]sh
hxxp://78[.]153[.]140[.]96/mo[.]sh
hxxp://78[.]153[.]140[.]96/vm[.]sh
hxxp://78[.]153[.]140[.]96/py[.]sh
hxxp://78[.]153[.]140[.]96/tr[.]sh
hxxp://78[.]153[.]140[.]96/mi[.]sh
hxxp://78[.]153[.]140[.]96/se[.]sh
hxxp://78[.]153[.]140[.]96/ph[.]sh
hxxp://78[.]153[.]140[.]96/ci[.]sh
hxxp://78[.]153[.]140[.]96/st[.]sh
hxxp://78[.]153[.]140[.]96/al[.]sh
hxxp://78[.]153[.]140[.]96/spr[.]sh
hxxp://78[.]153[.]140[.]96/lr[.]sh
hxxp://78[.]153[.]140[.]96/kn[.]sh
hxxp://78[.]153[.]140[.]96/pg[.]sh
hxxp://78[.]153[.]140[.]96/md[.]sh
hxxp://78[.]153[.]140[.]96/wb[.]sh
hxxp://78[.]153[.]140[.]96/sp[.]sh
hxxp://78[.]153[.]140[.]96/ae[.]sh
hxxp://78[.]153[.]140[.]96/lf[.]sh
hxxp://78[.]153[.]140[.]96/ge[.]sh
hxxp://78[.]153[.]140[.]96/rm[.]sh
hxxp://78[.]153[.]140[.]96/pa[.]sh
hxxp://78[.]153[.]140[.]96/tc[.]sh
hxxp://78[.]153[.]140[.]96/an[.]sh
hxxp://78[.]153[.]140[.]96/gi[.]sh
hxxp://78[.]153[.]140[.]96/vb[.]sh
hxxp://78[.]153[.]140[.]96/sa[.]sh
hxxp://78[.]153[.]140[.]96/xx[.]sh
hxxp://78[.]153[.]140[.]96/ws[.]sh
hxxp://78[.]153[.]140[.]96/ce[.]sh
hxxp://78[.]153[.]140[.]96/acb[.]sh
hxxp://78[.]153[.]140[.]96/pg2[.]sh
hxxp://78[.]153[.]140[.]96/ku[.]sh
hxxp://78[.]153[.]140[.]96/bg[.]sh
hxxp://78[.]153[.]140[.]96/hb[.]sh
hxxp://78[.]153[.]140[.]96/sc[.]sh
hxxp://78[.]153[.]140[.]96/do[.]sh
hxxp://78[.]153[.]140[.]96/tm[.]sh
hxxp://78[.]153[.]140[.]96/mt[.]sh
hxxp://78[.]153[.]140[.]96/gl[.]sh
hxxp://78[.]153[.]140[.]96/ap[.]sh
hxxp://78[.]153[.]140[.]96/rv[.]sh
hxxp://78[.]153[.]140[.]96/cf[.]sh
hxxp://78[.]153[.]140[.]96/ki[.]sh
hxxp://78[.]153[.]140[.]96/scg[.]sh
hxxp://78[.]153[.]140[.]96/sm[.]sh
Kinsing


URL
hxxp://cajgtus[.]com/lancer/get[.]php
STOP


URL
hxxp://91[.]92[.]245[.]192/x[.]tgz
Coinminer


URL
hxxp://59[.]89[.]178[.]203:37872/Mozi[.]m
Mozi




※1「i-FILTER」アクセスログを検索し端末を特定してください
    不要なアクセスを避けるため、一部変更しております。


■製品対応状況（※2）
▽i-FILTER（※3）
・[脅威情報サイト]カテゴリでブロック可能

※2 ブロックの可否は各製品の設定によるため、実際の結果はアクセスログを参照してください。
※3 暗号化された通信の場合は、SSL Adapterの設定を「利用」にする必要があります。

Type:	IOC:	Signature:
URL	hxxp://38[.]255[.]42[.]91/mxnwd[.]vbs hxxp://192[.]3[.]179[.]142/44556/HJCL[.]exe hxxp://192[.]3[.]179[.]142/xampp/wksh/veryhappytoseeherthingstogetitsbackwithlotofthingssurewewillbebacksoonandeverythinggogreatwithout___happeingkisses[.]doc hxxp://188[.]127[.]225[.]225/30990/EVA[.]txt hxxps://paste[.]ee/d/Leqxg hxxp://188[.]127[.]225[.]225/30990/ev/atruewinnerhereforthetruethingstohappenedwhatkindofbeautifulthingitsisverybeautifulimagesheretocreatenewone___tounderstandtheimagesgoodfor[.]doc hxxp://188[.]127[.]225[.]225/30990/browserflowerimagesample[.]jpg	Remcos
URL	hxxps://penetratedworrsyw[.]shop/api hxxp://193[.]233[.]132[.]56/lend/conhost[.]exe hxxp://185[.]235[.]137[.]54/file/update[.]exe hxxps://whispedwoodmoodsksl[.]shop/api	Lumma Stealer
URL	hxxps://kyrtasarim22[.]net/MjE3ZTBjN2RmM2M4/ hxxps://kyrtasarim22[.]com/MjE3ZTBjN2RmM2M4/ hxxps://kyrtasarim33[.]com/MjE3ZTBjN2RmM2M4/	Coper
URL	hxxps://valentinedaycard[.]com/bvxny6R6 hxxps://valentinedaycard[.]com/8OtaBr/ hxxps://currentsilverprice[.]com/8OtaBr/ hxxps://currentsilverprice[.]com/bvxny6R6 hxxps://waytowealth[.]org/8OtaBr/ hxxps://waytowealth[.]org/bvxny6R6 hxxps://teachabletutorials[.]com/8OtaBr/ hxxps://teachabletutorials[.]com/bvxny6R6 hxxps://listwisconsin[.]com/bvxny6R6 hxxps://listwisconsin[.]com/8OtaBr/ hxxps://voicelesson[.]org/8OtaBr/ hxxps://voicelesson[.]org/bvxny6R6 hxxps://debtavailable[.]com/8OtaBr/ hxxps://debtavailable[.]com/bvxny6R6	ClearFake
URL	hxxp://172[.]245[.]208[.]36/20777/hjv[.]exe hxxp://172[.]245[.]208[.]36/xampp/bg/verygoodnewisshewasreadytomarrythepersonwhoshelovedalotwithentirethingssheisverybeautifulwomenwhosheloved____sheisbeautifulgirlssheis[.]doc hxxp://www[.]qeintechnologies[.]com/NmBkxeAZlIrfpt226[.]bin hxxp://www[.]qeintechnologies[.]com/ySuxi164[.]bin hxxp://87[.]121[.]105[.]54/uZSXwWgeEgRsNXGAa146[.]bin hxxp://87[.]121[.]105[.]54/Wonderment[.]inf hxxp://146[.]70[.]113[.]142/zVruSzQypzXRhqHDQYTzq247[.]bin hxxp://193[.]239[.]86[.]203/xGzvfQQaLW3[.]bin hxxp://167[.]160[.]166[.]205/WBnzJPbEs18[.]bin hxxp://167[.]160[.]166[.]205/XnPTd121[.]bin hxxp://167[.]160[.]166[.]205/LkTupLMJe71[.]bin hxxp://45[.]137[.]22[.]110/IGmUGQPdScBTGw229[.]bin hxxp://192[.]3[.]109[.]149/xampp/gh/beautifulgirlsarerememberingthepersonwhoshelovedalotbecasusesheislovingthepersonisverybeautifulpersonn___sheisgreatgirliknow[.]doc hxxp://www[.]qeintechnologies[.]com/IYiwE0[.]bin	CloudEyE
URL	hxxp://192[.]3[.]216[.]154/20778/hjv[.]exe hxxp://104[.]168[.]33[.]34/33660/htm[.]exe hxxp://104[.]168[.]33[.]34/xampp/bcc/bc/attractivesthingsmusthappenedalwayswithmetogetitbackeverythinggoodforusbeautifuldaystartingwithme___tounderstandhowimporatntitistomeforentirethigs[.]doc hxxp://192[.]3[.]216[.]154/xampp/vg/verygoodmorningwecreatedagoodideatowalkupearlymronignfromthesleppsheisbeautifulsoiwknow___howmuchshelovedher[.]doc hxxps://api[.]telegram[.]org/bot6107178761:AAHgabxzERKwr-kmuctjwK7hlO5aXFWx-vU/ hxxps://api[.]telegram[.]org/bot5967521781:AAFM9TWkFoveAFBEBJsmTEG-0oQtcRWcbVE/ hxxps://api[.]telegram[.]org/bot7120261306:AAEr4-KVB7u5Io5QXqJOespukUAYWvA7it0/ hxxps://api[.]telegram[.]org/bot7185330984:AAEhcUODBdkvuF0o7sB49L4zfsoWtQ10tyA/ hxxps://api[.]telegram[.]org/bot7166327996:AAGPihVNd1ShcG_CmE24Dqt8T2_CJLtBA7k/ hxxps://paste[.]ee/d/VrRVp hxxp://139[.]99[.]162[.]245/verycuteflowerpictureimage[.]jpg hxxp://139[.]99[.]162[.]245/wecreatedflowerbasedlandwhichverybeautifulandcuteforeveryonetovisitatimeperioditsgreatforourproject___sheisbeautifulgirlforme[.]doc hxxp://139[.]99[.]162[.]245/tryandsee[.]txt hxxps://api[.]telegram[.]org/bot7134623757:AAG14l2IijdHtUMTQB8PlsH-2xdwM6WlmzQ/	Agent Tesla
URL	hxxps://hkrha[.]colo[.]oystergarden[.]net/editContent hxxps://scsvc[.]colo[.]oystergarden[.]net/editContent	FAKEUPDATES
URL	hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/msvcp140[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/softokn3[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/freebl3[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/nss3[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/sqlite3[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/mozglue[.]dll hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/vcruntime140[.]dll	Stealc
URL	hxxps://bitbucket[.]org/testerrrrrrrrrrr888/retsettttttt522222/downloads/en[.]exe hxxp://147[.]45[.]198[.]80/AlterableStockstill[.]exe	RedLine Stealer
URL	hxxp://193[.]233[.]132[.]56/lend/main0506[.]exe hxxp://065963cm[.]nyashkoon[.]top/ExternalvmSecuresqlWindowsTrackDatalife[.]php hxxp://199[.]231[.]191[.]222/42public4/base/Test0CentralVideo/datalifePythondbflower/Bigloadprovider/2dle/0private/authLine6/Request4/ProvidervideoRequestflowerTraffictesttrackTemporary[.]php hxxp://77[.]221[.]157[.]108/Python4/cdnDownloads/baseJavascript/provider5Trafficwindows/5dump/7WindowsWindowsDatalife/Auth8/GeneratorvideobasePhp/Mariadbphp/Multidefault/1dumpcentral5/flowerapitrackProcessor/CpujsMultiBetter/3Uploads/DleUploads0multi/Sqlpython/4External/Http/Better8Geo/PhpRequestLinuxpublic[.]php hxxp://005514cm[.]n9shteam1[.]top/pythontrack[.]php	DCRat
URL	hxxp://193[.]233[.]132[.]56/lend/jgyesfersg[.]exe	SystemBC
URL	hxxp://193[.]233[.]132[.]56/lend/swiy[.]exe	Mars Stealer
URL	hxxp://45[.]153[.]243[.]219/sh hxxp://103[.]109[.]37[.]155/fuckjewishpeople[.]arm6 hxxp://103[.]14[.]226[.]21/fuckjewishpeople[.]arm6	Bashlite
URL	hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a628ffa13c9e695 hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12eab517aa5c96bd86e99d874f865a8bbc896c58e713bc90c91b36b5281fc235a925ed3e55d6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff810c5ee909832c46f hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1ee8889b5e4fa9281ae978a371ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffa10c5ed9c9232 hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12eab517aa5c96bd86eb968349805a8bbc896c58e713bc90c94b36b5281fc235a925ed3e00d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee909b3ecf669e1f	Socks5 Systemz
URL	hxxp://seadrill[.]top/kelvin/five/fre[.]php hxxp://sempersim[.]su/d4/fre[.]php hxxp://sempersim[.]su/d1/fre[.]php	LokiBot
URL	hxxps://api[.]telegram[.]org/bot6800672014:AAFjIhthNxpYeDLxh4u9CJvqMfisOhMGH6M/sendMessage?chat_id=6542615755	DarkCloud
URL	hxxp://88[.]214[.]26[.]29:8001/activity hxxps://47[.]116[.]211[.]207/ptj hxxp://120[.]27[.]131[.]3/visit[.]js hxxps://111[.]230[.]12[.]238/pixel hxxps://124[.]222[.]141[.]231:1443/load hxxps://103[.]150[.]10[.]45:8443/visit[.]js hxxp://118[.]194[.]233[.]185/updates[.]rss hxxps://3se9ewodke339f0e83[.]connectivitytests[.]com/load hxxp://60[.]204[.]217[.]11:9998/j[.]ad hxxp://124[.]222[.]141[.]231:8080/IE9CompatViewList[.]xml hxxps://117[.]72[.]8[.]192/c/msdownload/update/others/2024/05/9Dv7AyHg1Ag2KwO30_ hxxp://8[.]134[.]80[.]227/ChromeUpdate/ShellEx/index[.]php hxxps://23[.]95[.]65[.]198/load hxxp://210[.]114[.]11[.]173:806/load hxxp://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x hxxps://124[.]221[.]181[.]157:8443/cx hxxp://101[.]43[.]43[.]245/ca hxxps://47[.]99[.]177[.]59:7443/cm hxxp://47[.]109[.]49[.]229:8887/pixel[.]gif hxxp://111[.]230[.]98[.]22:9999/push hxxps://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x hxxp://49[.]235[.]118[.]195/match hxxp://52[.]215[.]189[.]95/load hxxp://54[.]67[.]45[.]193/ptj hxxp://47[.]92[.]96[.]144/IE9CompatViewList[.]xml hxxp://8[.]130[.]133[.]34/ptj hxxp://8[.]130[.]102[.]101/g[.]pixel hxxp://111[.]231[.]15[.]198/__utm[.]gif hxxp://119[.]91[.]231[.]57:8080/fwlink	Cobalt Strike
URL	hxxp://119[.]45[.]223[.]112:81/mimi[.]exe	MimiKatz
URL	hxxp://a0980222[.]xsph[.]ru/1[.]exe hxxp://193[.]222[.]96[.]124:7287/5[.]hta hxxp://193[.]222[.]96[.]124:7287/4[.]hta hxxp://193[.]222[.]96[.]124:7287/1[.]hta	AsyncRAT
URL	hxxps://164[.]155[.]241[.]15/ready[.]apk hxxp://38[.]55[.]251[.]253/ready[.]apk hxxp://164[.]155[.]241[.]15/ready[.]apk	SpyNote
URL	hxxp://193[.]222[.]96[.]143:7287/[.]hta hxxp://193[.]222[.]96[.]143:7287/xx[.]bat hxxp://193[.]222[.]96[.]124:7287/xD[.]bat hxxp://193[.]222[.]96[.]124:7287/3[.]hta hxxp://193[.]222[.]96[.]124:7287/2[.]hta	Venom RAT
URL	hxxp://trustadvisorygroup[.]com/2022/11/26/pet-skunk-legal-in-california	GootLoader
URL	hxxp://78[.]153[.]140[.]96/kinsing2 hxxp://78[.]153[.]140[.]96/ni[.]sh hxxp://78[.]153[.]140[.]96/cp[.]sh hxxp://78[.]153[.]140[.]96/mo[.]sh hxxp://78[.]153[.]140[.]96/vm[.]sh hxxp://78[.]153[.]140[.]96/py[.]sh hxxp://78[.]153[.]140[.]96/tr[.]sh hxxp://78[.]153[.]140[.]96/mi[.]sh hxxp://78[.]153[.]140[.]96/se[.]sh hxxp://78[.]153[.]140[.]96/ph[.]sh hxxp://78[.]153[.]140[.]96/ci[.]sh hxxp://78[.]153[.]140[.]96/st[.]sh hxxp://78[.]153[.]140[.]96/al[.]sh hxxp://78[.]153[.]140[.]96/spr[.]sh hxxp://78[.]153[.]140[.]96/lr[.]sh hxxp://78[.]153[.]140[.]96/kn[.]sh hxxp://78[.]153[.]140[.]96/pg[.]sh hxxp://78[.]153[.]140[.]96/md[.]sh hxxp://78[.]153[.]140[.]96/wb[.]sh hxxp://78[.]153[.]140[.]96/sp[.]sh hxxp://78[.]153[.]140[.]96/ae[.]sh hxxp://78[.]153[.]140[.]96/lf[.]sh hxxp://78[.]153[.]140[.]96/ge[.]sh hxxp://78[.]153[.]140[.]96/rm[.]sh hxxp://78[.]153[.]140[.]96/pa[.]sh hxxp://78[.]153[.]140[.]96/tc[.]sh hxxp://78[.]153[.]140[.]96/an[.]sh hxxp://78[.]153[.]140[.]96/gi[.]sh hxxp://78[.]153[.]140[.]96/vb[.]sh hxxp://78[.]153[.]140[.]96/sa[.]sh hxxp://78[.]153[.]140[.]96/xx[.]sh hxxp://78[.]153[.]140[.]96/ws[.]sh hxxp://78[.]153[.]140[.]96/ce[.]sh hxxp://78[.]153[.]140[.]96/acb[.]sh hxxp://78[.]153[.]140[.]96/pg2[.]sh hxxp://78[.]153[.]140[.]96/ku[.]sh hxxp://78[.]153[.]140[.]96/bg[.]sh hxxp://78[.]153[.]140[.]96/hb[.]sh hxxp://78[.]153[.]140[.]96/sc[.]sh hxxp://78[.]153[.]140[.]96/do[.]sh hxxp://78[.]153[.]140[.]96/tm[.]sh hxxp://78[.]153[.]140[.]96/mt[.]sh hxxp://78[.]153[.]140[.]96/gl[.]sh hxxp://78[.]153[.]140[.]96/ap[.]sh hxxp://78[.]153[.]140[.]96/rv[.]sh hxxp://78[.]153[.]140[.]96/cf[.]sh hxxp://78[.]153[.]140[.]96/ki[.]sh hxxp://78[.]153[.]140[.]96/scg[.]sh hxxp://78[.]153[.]140[.]96/sm[.]sh	Kinsing
URL	hxxp://cajgtus[.]com/lancer/get[.]php	STOP
URL	hxxp://91[.]92[.]245[.]192/x[.]tgz	Coinminer
URL	hxxp://59[.]89[.]178[.]203:37872/Mozi[.]m	Mozi

※ 特許取得済み（特許6716051号）/ Webサイトの改ざんの検知において特許を取得

「Dアラート」よりも詳細な情報に加え、適切な対処方法もご案内する
「i-FILTER@Cloud Ｄアラート発信レポートサービス」というオプションもご用意しております

「Dアラート発信レポートサービス」 — ▲「i-FILTER@Cloud Ｄアラート配信レポートサービス」の詳細はこちらから

不正URLへのアクセス、不正メールの受信

「Dアラート」よりも詳細な情報に加え、適切な対処方法もご案内する「i-FILTER@Cloud Ｄアラート発信レポートサービス」というオプションもご用意しております

「Dアラート」よりも詳細な情報に加え、適切な対処方法もご案内する
「i-FILTER@Cloud Ｄアラート発信レポートサービス」というオプションもご用意しております