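Cyber risk information service: D Alert (patented)

Access to malicious URLs and receipt of malicious email

Our customers who received the email: 0
Our customers who accessed the URL: 3
2025/03/14
※Updated 2025/03/14
URLs believed to cause malware infection detected (2025/03/14)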
■IoC(※1)
Type: IOC: Signature:
ClearFake
Lumma Stealer
DCRat
MASS Logger
Remcos
SmartLoader
Coper
Rhadamanthys
DBatLoader
AsyncRAT
Snake Keylogger
FAKEUPDATES
Zloader
Matanbuchus
NetSupportManager RAT
Emmenhtal
Mozi
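※1 Search the "i-FILTER" access logs to identify the affected endpoints. Some parts have been altered to prevent unintended access.

■Product coverage (※2)
▽i-FILTER (※3)
・Can be blocked with the [Threat Information Sites] category

※2 Whether a URL is blocked depends on each product's configuration, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to "Use".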