IOCs for phishing campaign using BitM pages
This intelligence report focuses on a phishing campaign that utilizes Browser-in-the-Middle (BitM) pages. The campaign likely involves sophisticated tactics to intercept and manipulate browser traffic, potentially allowing attackers to harvest credentials or inject malicious content. While specific details are not provided, the use of BitM techniques suggests a high level of technical sophistication and a targeted approach to compromising user data. The report appears to include Indicators of Compromise (IOCs) related to this campaign, which could be crucial for detecting and mitigating the threat.
AI Analysis
Technical Summary
This intelligence report details a phishing campaign leveraging Browser-in-the-Middle (BitM) pages, a sophisticated attack technique where adversaries intercept and manipulate browser traffic between the user and legitimate web services. BitM attacks enable attackers to harvest sensitive credentials, session cookies, or inject malicious content directly into the victim's browsing session without their knowledge. The campaign's use of BitM tactics indicates a high level of technical sophistication, likely involving man-in-the-browser (MitB) style malware or proxy-based interception methods that alter web content in real time. Although specific technical details and Indicators of Compromise (IOCs) are not provided in the summary, the referenced report by AlienVault suggests that the campaign is active and includes IOCs that can aid detection and response. The campaign is tagged with MITRE ATT&CK techniques such as T1539 (Steal Web Session Cookie), T1185 (Man-in-the-Middle), T1187 (Drive-by Compromise), T1056 (Input Capture), and T1189 (Drive-by Compromise), highlighting the multifaceted approach attackers use to compromise user data through browser manipulation and phishing. The absence of known exploits in the wild and the medium severity rating suggest the campaign is emerging or targeted rather than widespread. Overall, this threat represents a significant risk to users who may be tricked into interacting with manipulated web content, resulting in credential theft and potential further compromise of organizational networks.
Potential Impact
For European organizations, this phishing campaign poses a considerable threat to confidentiality and integrity of user credentials and sensitive data. Successful exploitation could lead to unauthorized access to corporate accounts, email compromise, and lateral movement within networks. Given the reliance on browser-based interactions for cloud services, remote work, and online banking, the campaign could disrupt business operations and lead to data breaches subject to GDPR regulations, potentially resulting in regulatory fines and reputational damage. The campaign’s ability to manipulate browser traffic stealthily increases the risk of undetected credential harvesting, making incident detection and response more challenging. Sectors with high-value targets such as finance, government, healthcare, and critical infrastructure in Europe are particularly vulnerable. Additionally, the campaign could facilitate further malware deployment or ransomware attacks following initial credential compromise.
Mitigation Recommendations
European organizations should implement multi-layered defenses tailored to combat BitM phishing campaigns. Specific measures include:
1) Deploy advanced endpoint protection capable of detecting man-in-the-browser malware and input capture techniques.
2) Enforce multi-factor authentication (MFA) across all critical services to reduce the impact of credential theft.
3) Utilize browser isolation or secure web gateways that can detect and block manipulated web content.
4) Conduct targeted phishing awareness training emphasizing the risks of manipulated browser sessions and suspicious links.
5) Monitor network traffic for anomalies indicative of proxying or traffic interception.
6) Integrate threat intelligence feeds containing the provided IOCs to enhance detection capabilities.
7) Regularly audit and update browser extensions and plugins to minimize attack surface.
8) Implement strict session management and cookie security policies to prevent session hijacking.
9) Encourage use of password managers to reduce phishing susceptibility.
10) Establish incident response playbooks specifically addressing browser-in-the-middle attack scenarios.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-23-IOCs-for-phishing-campaign-using-BitM-pages.txt
- Adversary: null
- Pulse Id: 68d6996d3fa5189b9e5bce76
- Threat Score: null
Threat ID: 68d69af2bb2d0545928903c5
Added to database: 9/26/2025, 1:53:54 PM
Last enriched: 9/26/2025, 1:54:48 PM
Last updated: 9/27/2025, 10:01:28 PM