misp-circl-feed/feeds/circl/misp/59aeaab2-3ea4-4b1a-b521-460a950d210f.json

{
"Event": {
"analysis": "2",
"date": "2017-08-14",
"extends_uuid": "",
"info": "OSINT - Threat actor goes on a Chrome extension hijacking spree",
"publish_timestamp": "1504625402",
"published": true,
"threat_level_id": "3",
"timestamp": "1504620657",
"uuid": "59aeaab2-3ea4-4b1a-b521-460a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504619338",
"to_ids": false,
"type": "link",
"uuid": "59aeab28-2220-43d5-ad33-baa3950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504619331",
"to_ids": false,
"type": "comment",
"uuid": "59aeab3b-be40-4728-b629-4827950d210f",
"value": "Chrome Extensions are a powerful means of adding functionality to the Chrome browser with features ranging from easier posting of content on social media to integrated developer tools. At the end of July and beginning of August, several Chrome Extensions were compromised after their author\u2019s Google Account credentials were stolen via a phishing scheme. This resulted in hijacking of traffic and exposing users to potentially malicious popups and credential theft.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620064",
"to_ids": true,
"type": "url",
"uuid": "59aeae20-ed9c-4ec5-ab26-451e950d210f",
"value": "https://wd7bdb20e4d622f6569f3e8503138c859d.win/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620064",
"to_ids": true,
"type": "url",
"uuid": "59aeae20-84a8-41e8-9d0e-4f24950d210f",
"value": "https://wd8a2b7d68f1c7c7f34381dc1a198465b4.win/ga.js"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-4cf4-4d90-8af5-4030950d210f",
"value": "click.rdr11.top|31.186.103.146"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-4a5c-40f3-8f59-496b950d210f",
"value": "chromedevelopment.site|31.186.103.147"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-0f14-4aad-ac4b-47d3950d210f",
"value": "login.chromeextensions.info|31.186.103.149"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-80c4-4e0a-9dc8-41bd950d210f",
"value": "chromeextensions.info|31.186.103.149"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-b9cc-403c-8976-40b3950d210f",
"value": "wd8a2b7d68f1c7c7f34381dc1a198465b4.win|104.131.30.88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-c08c-45fb-92b0-4757950d210f",
"value": "wd7bdb20e4d622f6569f3e8503138c859d.win|104.131.30.88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-e28c-4cbe-a25f-4d19950d210f",
"value": "loading.website|162.255.119.12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-4110-469a-8785-4156950d210f",
"value": "searchtab.win|104.131.67.58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-0c5c-4008-94cd-46ab950d210f",
"value": "redirect2.top|104.131.67.58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-02dc-4d5b-b310-4333950d210f",
"value": "browser-updates.info|198.54.117.212"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-26d0-4488-bf37-4616950d210f",
"value": "browser-updates.info/firebase_subscribe.js"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-10f4-46ec-b864-4b4b950d210f",
"value": "imagetwist.info|174.138.62.139"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-6550-490c-928f-4209950d210f",
"value": "http://searchtab.win/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-92a4-4752-9788-462a950d210f",
"value": "http://redirect2.top/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-c4a8-4b2f-8814-4d87950d210f",
"value": "http://partner-net.men/code/pid/linkcheck.js?rev=133"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-2654-4152-b056-40c0950d210f",
"value": "https://f.partnerwork.men/code/code/index_4.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-1208-495c-b833-4409950d210f",
"value": "https://f.partnerwork.men/code/code/mss_3.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-1658-439a-8783-4cf9950d210f",
"value": "https://y.partnerwork.men/code/code/index_3.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-5860-4be5-b05f-48a9950d210f",
"value": "http://partner-net.men/code/pid/973820_BNX.js?rev=133"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-5f08-426e-8bc8-4880950d210f",
"value": "http://partner-net.men/code/?pid=973820&r="
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-21b8-4116-a1ad-4e35950d210f",
"value": "login.chromedevelopment.site|31.186.103.147"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-e4a8-4538-86ce-4b1d950d210f",
"value": "y.partnerwork.men|185.147.15.35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-b520-4843-999b-48b2950d210f",
"value": "f.partnerwork.men|185.147.15.37"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-a2c0-4f4c-8ce4-4268950d210f",
"value": "partner-net.men|95.211.68.187"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-0574-4d0e-b731-400e950d210f",
"value": "partner-net.men|95.211.68.186"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-ac44-4eec-891e-40aa950d210f",
"value": "b.partner-net.men|"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-8f3c-4510-b8df-4fca950d210f",
"value": "http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_251.563088.1501708560.18.mzb&utm_source=prfl&utm_medium=cps&utm_campaign=pck_prfl_cps_ww_713&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1641011700&tid_ext=1451151054"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-7ebc-476b-aff5-44c8950d210f",
"value": "http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_281.2294418.1495859377.18.mzb&utm_source=maxb&utm_medium=cps&utm_campaign=pck_maxb_cps_eu2_713&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1638077&tid_ext=pck_maxb_cps_us_eu2_sale"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "url",
"uuid": "59aeaff3-7a98-4fc5-a6cc-4550950d210f",
"value": "http://wlp.cleanmypc.online/mxbt1/?x-context=496906380&utm_source=mxapcfx5&utm_campaign=mxapcfx5&pxl=MXA2240_MXA2193_RUNT&utm_pubid=56754&x-at=XXXXX&override=1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-abb0-4e01-89f2-45af950d210f",
"value": "cookie-policy.org|45.55.128.61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-c490-43f6-af66-4c3b950d210f",
"value": "cdn2.info|45.55.128.61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-1f74-4f5a-9d55-40f4950d210f",
"value": "cdn8.info|45.55.128.61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-0eec-4a7f-aabf-44ee950d210f",
"value": "cdn.cookiescript.info|52.222.226.223"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-d498-4a9b-9910-4efd950d210f",
"value": "cdn.front.to|162.243.105.107"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-7d5c-4e7e-81f6-447f950d210f",
"value": "ganalytics.win|104.131.30.88"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "domain",
"uuid": "59aeaff3-1b94-4a69-b185-489b950d210f",
"value": "92fffe0ba52da491a2b7576627f3693a.pro"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "domain",
"uuid": "59aeaff3-c510-432c-a185-4cd8950d210f",
"value": "7ce508e6099e31f68c2fd50c362f087d.pro"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-01e0-493b-8529-4eb2950d210f",
"value": "partner-print.men|185.147.15.39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504620531",
"to_ids": true,
"type": "filename",
"uuid": "59aeaff3-e5e4-4e09-9a38-48ac950d210f",
"value": "extstat.com|185.147.15.39"
}
]
}
}