{
  "name": "IOCs for phishing campaign using BitM pages",
  "slug": "iocs-for-phishing-campaign-using-bitm-pages",
  "description": "This intelligence report focuses on a phishing campaign that utilizes Browser-in-the-Middle (BitM) pages. The campaign likely involves sophisticated tactics to intercept and manipulate browser traffic, potentially allowing attackers to harvest credentials or inject malicious content. While specific details are not provided, the use of BitM techniques suggests a high level of technical sophistication and a targeted approach to compromising user data. The report appears to include Indicators of Compromise (IOCs) related to this campaign, which could be crucial for detecting and mitigating the threat.",
  "published": "2025-09-26T11:47:25+00:00",
  "created_at": "2025-09-26T11:47:25+00:00",
  "modified_at": "2025-09-26T12:15:07+00:00",
  "created_at_opencti": "2025-09-26T11:47:25+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-09-26",
    "bitm",
    "browser-in-the-middle",
    "phishing"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "162.245.238.224"
      },
      {
        "id": "",
        "name": "36.75.75.75"
      },
      {
        "id": "",
        "name": "138.112.25.25"
      },
      {
        "id": "",
        "name": "123.181.24.36"
      },
      {
        "id": "",
        "name": "71.162.181.51"
      },
      {
        "id": "",
        "name": "verify.recaptcha-metalogin.com"
      },
      {
        "id": "",
        "name": "verify.recaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "verify.captcha-metalogin.com"
      },
      {
        "id": "",
        "name": "recaptcha.robot-metalogin.com"
      },
      {
        "id": "",
        "name": "recaptcha.login-metaquest.com"
      },
      {
        "id": "",
        "name": "recaptcha.login-businessfacebook.com"
      },
      {
        "id": "",
        "name": "recaptcha.confirm-metaquest.com"
      },
      {
        "id": "",
        "name": "recaptcha.accountscenter-metaquest.com"
      },
      {
        "id": "",
        "name": "outh.captcha-metalogin.com"
      },
      {
        "id": "",
        "name": "oauth.recaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "confirm.robotcaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "confirm.recaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "confirm.notcaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "confirm.login-metacloud.com"
      },
      {
        "id": "",
        "name": "confirm.human-metaquest.com"
      },
      {
        "id": "",
        "name": "confirm.captcha-metalogin.com"
      },
      {
        "id": "",
        "name": "confirm.botrecaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "app.vericaptchas-metahorizon.xyz"
      },
      {
        "id": "",
        "name": "app.vericaptchas-matamore.xyz"
      },
      {
        "id": "",
        "name": "app.vericapcha-metahunched.org"
      },
      {
        "id": "",
        "name": "app.vericapcha-metaresults.com"
      },
      {
        "id": "",
        "name": "app.vericapcha-metahorizonfb.org"
      },
      {
        "id": "",
        "name": "app.vericapcha-metahoriapp.org"
      },
      {
        "id": "",
        "name": "app.vericapcha-metacrescent.org"
      },
      {
        "id": "",
        "name": "veryfy-recaptcha.com"
      },
      {
        "id": "",
        "name": "verycaptcha.com"
      },
      {
        "id": "",
        "name": "verycapcha.com"
      },
      {
        "id": "",
        "name": "very-captcha.com"
      },
      {
        "id": "",
        "name": "very-capcha.com"
      },
      {
        "id": "",
        "name": "verifyhuman-meta.com"
      },
      {
        "id": "",
        "name": "verifycaptcha-meta.com"
      },
      {
        "id": "",
        "name": "verifycaptcha-businessfacebook.com"
      },
      {
        "id": "",
        "name": "verify-meta.com"
      },
      {
        "id": "",
        "name": "verify-facebook.com"
      },
      {
        "id": "",
        "name": "verify-bot.com"
      },
      {
        "id": "",
        "name": "verifier-meta.com"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonusa.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonsa.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonus.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonfb.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonit.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonfb.net"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonca.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizonau.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizon.org"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizon.net"
      },
      {
        "id": "",
        "name": "vericaptcha-metahorizon.eu"
      },
      {
        "id": "",
        "name": "vericaptcha-businessfacebook.com"
      },
      {
        "id": "",
        "name": "validate-api.com"
      },
      {
        "id": "",
        "name": "valid-meta.com"
      },
      {
        "id": "",
        "name": "veri-facebook.com"
      },
      {
        "id": "",
        "name": "thespirup123.top"
      },
      {
        "id": "",
        "name": "thelinkedup123.top"
      },
      {
        "id": "",
        "name": "thuramkia123.com"
      },
      {
        "id": "",
        "name": "thealaska.info"
      },
      {
        "id": "",
        "name": "supportmeta-horizon.net"
      },
      {
        "id": "",
        "name": "supportmeta-horizonusa.org"
      },
      {
        "id": "",
        "name": "suite-meta.com"
      },
      {
        "id": "",
        "name": "support.md"
      },
      {
        "id": "",
        "name": "smartcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "safehumancheck.com"
      },
      {
        "id": "",
        "name": "shield-meta.com"
      },
      {
        "id": "",
        "name": "secureverifybot.com"
      },
      {
        "id": "",
        "name": "rotbotath-meta.com"
      },
      {
        "id": "",
        "name": "robotapi-meta.com"
      },
      {
        "id": "",
        "name": "robotcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "robot-metaquest.com"
      },
      {
        "id": "",
        "name": "report-media-content.com"
      },
      {
        "id": "",
        "name": "roadmaps12.com"
      },
      {
        "id": "",
        "name": "report-copyright-metaplanet.net"
      },
      {
        "id": "",
        "name": "report-copyright-metaplanet.com"
      },
      {
        "id": "",
        "name": "report-businessfacebok.com"
      },
      {
        "id": "",
        "name": "recaptchav2-meta.com"
      },
      {
        "id": "",
        "name": "recaptcha-metahorizon.org"
      },
      {
        "id": "",
        "name": "recaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "recaptcha-metahorizon.com"
      },
      {
        "id": "",
        "name": "recaptcha-meta.org"
      },
      {
        "id": "",
        "name": "recaptcha-login.com"
      },
      {
        "id": "",
        "name": "recaptcha-confirm.live"
      },
      {
        "id": "",
        "name": "recaptcha-human.com"
      },
      {
        "id": "",
        "name": "recaptcha-businessfacebook.com"
      },
      {
        "id": "",
        "name": "rcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "recaptcha-confirm.com"
      },
      {
        "id": "",
        "name": "oauth2-verify.com"
      },
      {
        "id": "",
        "name": "noverify-bot.com"
      },
      {
        "id": "",
        "name": "oauthcaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "notcaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "notcaptcha-metahorizon.com"
      },
      {
        "id": "",
        "name": "notrobot-metahorizon.com"
      },
      {
        "id": "",
        "name": "notcaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "not-capcha.com"
      },
      {
        "id": "",
        "name": "notcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "norotbot-meta.com"
      },
      {
        "id": "",
        "name": "nocaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "norobot-meta.com"
      },
      {
        "id": "",
        "name": "nocaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "nocaptcha-meta.com"
      },
      {
        "id": "",
        "name": "nocapcha-meta.com"
      },
      {
        "id": "",
        "name": "nobotverify.com"
      },
      {
        "id": "",
        "name": "metaquest-captcha.com"
      },
      {
        "id": "",
        "name": "metahozzizon-12.top"
      },
      {
        "id": "",
        "name": "ncaptcha-meta.com"
      },
      {
        "id": "",
        "name": "metahozion12homes.top"
      },
      {
        "id": "",
        "name": "metahozion12.top"
      },
      {
        "id": "",
        "name": "metahagrandview12.top"
      },
      {
        "id": "",
        "name": "mb-meta.com"
      },
      {
        "id": "",
        "name": "loginpage-meta.com"
      },
      {
        "id": "",
        "name": "meta-captcha.com"
      },
      {
        "id": "",
        "name": "loginmetastar12.top"
      },
      {
        "id": "",
        "name": "login-metaquest.com"
      },
      {
        "id": "",
        "name": "loginmeta234.top"
      },
      {
        "id": "",
        "name": "guard-meta.com"
      },
      {
        "id": "",
        "name": "habanacuba83s.info"
      },
      {
        "id": "",
        "name": "kareyphatameta12.top"
      },
      {
        "id": "",
        "name": "gateverify-meta.com"
      },
      {
        "id": "",
        "name": "firewall-meta.com"
      },
      {
        "id": "",
        "name": "cunharamos123.com"
      },
      {
        "id": "",
        "name": "confrim-captcha.com"
      },
      {
        "id": "",
        "name": "copyright-videofb.com"
      },
      {
        "id": "",
        "name": "copyright-businessfacebok.com"
      },
      {
        "id": "",
        "name": "confirm-recaptcha.com"
      },
      {
        "id": "",
        "name": "confirm-recaptcha.live"
      },
      {
        "id": "",
        "name": "confirm-meta.com"
      },
      {
        "id": "",
        "name": "chickken1.top"
      },
      {
        "id": "",
        "name": "chickken.top"
      },
      {
        "id": "",
        "name": "clearcapcha.com"
      },
      {
        "id": "",
        "name": "chickenkentou12.pics"
      },
      {
        "id": "",
        "name": "chickenkentou12.top"
      },
      {
        "id": "",
        "name": "certify-meta.com"
      },
      {
        "id": "",
        "name": "captcha-metaquest.com"
      },
      {
        "id": "",
        "name": "captchabot-meta.com"
      },
      {
        "id": "",
        "name": "captchasure-meta.com"
      },
      {
        "id": "",
        "name": "captcha-metacloudn.com"
      },
      {
        "id": "",
        "name": "captcha-metacloudm.com"
      },
      {
        "id": "",
        "name": "captcha-metahorizon.com"
      },
      {
        "id": "",
        "name": "captcha-metacloudl.com"
      },
      {
        "id": "",
        "name": "captcha-meta.org"
      },
      {
        "id": "",
        "name": "captcha-metacloud.com"
      },
      {
        "id": "",
        "name": "captcha-login-website.com"
      },
      {
        "id": "",
        "name": "captcha-meta-login.com"
      },
      {
        "id": "",
        "name": "captcha-meta.com"
      },
      {
        "id": "",
        "name": "captcha-human.com"
      },
      {
        "id": "",
        "name": "captcha-facebook.com"
      },
      {
        "id": "",
        "name": "captcha-confirm.live"
      },
      {
        "id": "",
        "name": "captcha-app-login.com"
      },
      {
        "id": "",
        "name": "capchametasite125.icu"
      },
      {
        "id": "",
        "name": "capchametahozion-12.top"
      },
      {
        "id": "",
        "name": "capcha-metaquest.com"
      },
      {
        "id": "",
        "name": "cammeorio2.xyz"
      },
      {
        "id": "",
        "name": "bypasscaptcha-meta.com"
      },
      {
        "id": "",
        "name": "bypass-meta.com"
      },
      {
        "id": "",
        "name": "businesshorizon.net"
      },
      {
        "id": "",
        "name": "business-meta.com"
      },
      {
        "id": "",
        "name": "botverifyanalytics.com"
      },
      {
        "id": "",
        "name": "botdetectcaptcha.com"
      },
      {
        "id": "",
        "name": "botcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "bot-secure.com"
      },
      {
        "id": "",
        "name": "bot-meta.com"
      },
      {
        "id": "",
        "name": "bot-blocker.com"
      },
      {
        "id": "",
        "name": "autocaptcha-meta.com"
      },
      {
        "id": "",
        "name": "authz-meta.com"
      },
      {
        "id": "",
        "name": "autobypass-meta.com"
      },
      {
        "id": "",
        "name": "authz-api.my"
      },
      {
        "id": "",
        "name": "authnet-hyperhorizon.net"
      },
      {
        "id": "",
        "name": "authrecaptcha-meta.com"
      },
      {
        "id": "",
        "name": "authmeta12.top"
      },
      {
        "id": "",
        "name": "authmeta1.top"
      },
      {
        "id": "",
        "name": "authmeta.top"
      },
      {
        "id": "",
        "name": "authmeta.pro"
      },
      {
        "id": "",
        "name": "authmeta.biz"
      },
      {
        "id": "",
        "name": "authgate-meta.com"
      },
      {
        "id": "",
        "name": "authen-metaquest.com"
      },
      {
        "id": "",
        "name": "authen-meta.com"
      },
      {
        "id": "",
        "name": "authen-bot.com"
      },
      {
        "id": "",
        "name": "authcaptcha-meta.com"
      },
      {
        "id": "",
        "name": "authapi-meta.com"
      },
      {
        "id": "",
        "name": "auth-meta.top"
      },
      {
        "id": "",
        "name": "apicaptcha-metahorizon.com"
      },
      {
        "id": "",
        "name": "apicaptcha-metaquest.com"
      },
      {
        "id": "",
        "name": "apicaptcha-meta.com"
      },
      {
        "id": "",
        "name": "antibot-meta.com"
      },
      {
        "id": "",
        "name": "antibotverify.com"
      },
      {
        "id": "",
        "name": "anmanianer412.com"
      },
      {
        "id": "",
        "name": "ananmajsna.com"
      },
      {
        "id": "",
        "name": "2025-04-17-ingressnightmare-scans-and-testing.md"
      },
      {
        "id": "",
        "name": "2025-03-14-testing-cve-2025-24813.md"
      },
      {
        "id": "",
        "name": "2025-03-04-group-likely-impersonating-bianlian.md"
      },
      {
        "id": "",
        "name": "2022-05-15-iocs-for-deadbolt-ransomware.md"
      },
      {
        "id": "",
        "name": "authent-metacloud.com"
      },
      {
        "id": "",
        "name": "recaptcha-metacloud.com"
      },
      {
        "id": "",
        "name": "2fgithub.com"
      },
      {
        "id": "",
        "name": "db5ace8044fe42506bbe2d05f1c1f58ad319163582aaae91b0c3123976f59abd"
      },
      {
        "id": "",
        "name": "da795c092cda9f634fa0c1e0228bafc937737cee88faae8ed7efef9c815729b5"
      },
      {
        "id": "",
        "name": "d2724fc303a5c5176c2722de5ba03da5b0cf56f05cab1a6dcbd895c89d5b01f7"
      },
      {
        "id": "",
        "name": "b077150928a2ba3900d927f2f8487fb78e1435a2dcccb12be923f2f6bff61f11"
      }
    ]
  },
  "external_refs": [
    "https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-23-IOCs-for-phishing-campaign-using-BitM-pages.txt",
    "https://otx.alienvault.com/pulse/68d6996d3fa5189b9e5bce76"
  ]
}