Threat actor goes on a Chrome extension hijacking spree | Proofpoint US
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a7714e77-3121-4bca-80f2-9ff582c45b92 |
| Fingerprint | 880599d280127ae7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 14, 2017, 10 p.m. |
| Added to db | Feb. 17, 2023, 10:20 p.m. |
| Last updated | Nov. 18, 2024, 2:36 a.m. |
| Headline | Threat actor goes on a Chrome extension hijacking spree |
| Title | Threat actor goes on a Chrome extension hijacking spree | Proofpoint US |
| Detected Hints/Tags/Attributes | 47/2/95 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 28 | date.now |
|
| Details | Domain | 1 | wd7bdb20e4d622f6569f3e8503138c859d.win |
|
| Details | Domain | 1 | wd8a2b7d68f1c7c7f34381dc1a198465b4.win |
|
| Details | Domain | 1 | partner-net.men |
|
| Details | Domain | 1 | browser-updates.info |
|
| Details | Domain | 1 | redirect2.top |
|
| Details | Domain | 1 | loading.website |
|
| Details | Domain | 1 | browser-update.info |
|
| Details | Domain | 1 | searchtab.win |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | chrispederick.com |
|
| Details | Domain | 10 | phishme.com |
|
| Details | Domain | 1 | www.centbrowser.com |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 1 | divbits.com |
|
| Details | Domain | 2 | bartblaze.blogspot.co.uk |
|
| Details | Domain | 1 | infinitynewtab.com |
|
| Details | Domain | 1 | a9t9.com |
|
| Details | Domain | 221 | gist.github.com |
|
| Details | Domain | 335 | www.facebook.com |
|
| Details | Domain | 1 | click.rdr11.top |
|
| Details | Domain | 1 | chromedevelopment.site |
|
| Details | Domain | 1 | login.chromeextensions.info |
|
| Details | Domain | 1 | chromeextensions.info |
|
| Details | Domain | 1 | imagetwist.info |
|
| Details | Domain | 1 | partnerwork.men |
|
| Details | Domain | 1 | login.chromedevelopment.site |
|
| Details | Domain | 1 | cookie-policy.org |
|
| Details | Domain | 1 | cdn2.info |
|
| Details | Domain | 1 | cdn8.info |
|
| Details | Domain | 1 | cdn.cookiescript.info |
|
| Details | Domain | 1 | cdn.front.to |
|
| Details | Domain | 1 | ganalytics.win |
|
| Details | Domain | 1 | 92fffe0ba52da491a2b7576627f3693a.pro |
|
| Details | Domain | 1 | 7ce508e6099e31f68c2fd50c362f087d.pro |
|
| Details | Domain | 1 | partner-print.men |
|
| Details | Domain | 1 | extstat.com |
|
| Details | File | 17 | content.js |
|
| Details | File | 18 | ga.js |
|
| Details | File | 1 | 973820_bnx.js |
|
| Details | File | 1 | 695529_bnx.js |
|
| Details | File | 2 | tds.php |
|
| Details | File | 1 | printthread.php |
|
| Details | File | 1 | eu-cookie-law-and-fake-chrome-extensions.html |
|
| Details | File | 4 | notice.html |
|
| Details | File | 1 | firebase_subscribe.js |
|
| Details | File | 1 | linkcheck.js |
|
| Details | File | 1 | index_4.php |
|
| Details | File | 1 | mss_3.js |
|
| Details | File | 1 | index_3.php |
|
| Details | File | 1206 | index.php |
|
| Details | Github username | 1 | felixwolf |
|
| Details | md5 | 1 | 066fd5ca2672f15089e7712827140bd9 |
|
| Details | md5 | 1 | 92fffe0ba52da491a2b7576627f3693a |
|
| Details | md5 | 1 | 7ce508e6099e31f68c2fd50c362f087d |
|
| Details | IPv4 | 1 | 31.186.103.146 |
|
| Details | IPv4 | 1 | 31.186.103.147 |
|
| Details | IPv4 | 1 | 31.186.103.149 |
|
| Details | IPv4 | 1 | 104.131.30.88 |
|
| Details | IPv4 | 1 | 162.255.119.12 |
|
| Details | IPv4 | 1 | 104.131.67.58 |
|
| Details | IPv4 | 4 | 198.54.117.212 |
|
| Details | IPv4 | 1 | 174.138.62.139 |
|
| Details | IPv4 | 1 | 185.147.15.35 |
|
| Details | IPv4 | 1 | 185.147.15.37 |
|
| Details | IPv4 | 1 | 95.211.68.187 |
|
| Details | IPv4 | 1 | 95.211.68.186 |
|
| Details | IPv4 | 1 | 45.55.128.61 |
|
| Details | IPv4 | 1 | 52.222.226.223 |
|
| Details | IPv4 | 1 | 162.243.105.107 |
|
| Details | IPv4 | 1 | 185.147.15.39 |
|
| Details | Url | 1 | https://wd7bdb20e4d622f6569f3e8503138c859d.win/ga.js |
|
| Details | Url | 1 | https://wd8a2b7d68f1c7c7f34381dc1a198465b4.win/ga.js |
|
| Details | Url | 1 | https://twitter.com/chrispederick/status/892768218162487300 |
|
| Details | Url | 1 | http://chrispederick.com/blog/web-developer-for-chrome-compromised |
|
| Details | Url | 1 | https://phishme.com/even-smart-ones-fall-phishing |
|
| Details | Url | 1 | https://www.centbrowser.com/forum/printthread.php?tid=1394&page=2 |
|
| Details | Url | 1 | https://pastebin.com/phf7ehrg |
|
| Details | Url | 1 | http://divbits.com/joomla-hacked-pop-message |
|
| Details | Url | 1 | https://bartblaze.blogspot.co.uk/2016/07/eu-cookie-law-and-fake-chrome-extensions.html |
|
| Details | Url | 1 | http://infinitynewtab.com/notice.html |
|
| Details | Url | 1 | https://a9t9.com/blog/chrome-extension-adware |
|
| Details | Url | 1 | https://gist.github.com/felixwolf/066fd5ca2672f15089e7712827140bd9 |
|
| Details | Url | 1 | https://www.facebook.com/socialfixer/posts/10155117415829342 |
|
| Details | Url | 1 | http://searchtab.win/ga.js |
|
| Details | Url | 1 | http://redirect2.top/ga.js |
|
| Details | Url | 1 | http://partner-net.men/code/pid/linkcheck.js?rev=133 |
|
| Details | Url | 1 | https://f.partnerwork.men/code/code/index_4.php |
|
| Details | Url | 1 | https://f.partnerwork.men/code/code/mss_3.js |
|
| Details | Url | 1 | https://y.partnerwork.men/code/code/index_3.php |
|
| Details | Url | 1 | http://partner-net.men/code/pid/973820_bnx.js?rev=133 |
|
| Details | Url | 1 | http://partner-net.men/code/?pid=973820&r= |
|
| Details | Url | 1 | http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_251.563088.1501708560.18.mzb |
|
| Details | Url | 1 | http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_281.2294418.1495859377.18.mzb |
|
| Details | Url | 1 | http://wlp.cleanmypc.online/mxbt1/?x |