IOCs for phishing campaign using BitM pages

Sept. 26, 2025, 2:15 p.m.

Description

This intelligence report focuses on a phishing campaign that utilizes Browser-in-the-Middle (BitM) pages. The campaign likely involves sophisticated tactics to intercept and manipulate browser traffic, potentially allowing attackers to harvest credentials or inject malicious content. While specific details are not provided, the use of BitM techniques suggests a high level of technical sophistication and a targeted approach to compromising user data. The report appears to include Indicators of Compromise (IOCs) related to this campaign, which could be crucial for detecting and mitigating the threat.

External References

https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-23-IOCs-for-phishing-campaign-using-BitM-pages.txt
https://otx.alienvault.com/pulse/68d6996d3fa5189b9e5bce76
Tags
phishing
2025-09-26
browser-in-the-middle
bitm

Date

  • Created: Sept. 26, 2025, 1:47 p.m.
  • Published: Sept. 26, 2025, 1:47 p.m.
  • Modified: Sept. 26, 2025, 2:15 p.m.

Indicators

  • db5ace8044fe42506bbe2d05f1c1f58ad319163582aaae91b0c3123976f59abd
  • da795c092cda9f634fa0c1e0228bafc937737cee88faae8ed7efef9c815729b5
  • d2724fc303a5c5176c2722de5ba03da5b0cf56f05cab1a6dcbd895c89d5b01f7
  • b077150928a2ba3900d927f2f8487fb78e1435a2dcccb12be923f2f6bff61f11
  • 908d3293db2bcd2f939400bea7380eeafbfb41b05ce56e4f9734263f6e4ca3f4
  • 85fc04af6cd1e35ca37d9d093c9c1f018ff70b29861a7bf071aac9c0c5220af2
  • 5ed9804462c179b080b7b3fda49f782582dab5f464c0bfccc8e008c031eeee9e
  • 52346ecdf234263f0a160a1d59dfd68544fb261b3a40e29f8f2743954a4f97b7
  • 448bfe39b6103b8374868bd1532ca2f15bf745833f2b4fef291a2d941b71f5f4
  • 2b11edab52c706fc1da0216b069c81c670bff0dacf579f4df5446a88f9b96d90
  • c922ef32c4ab94f8b870c62883f3e41755ec705db76ec4efb0d343458f1e28c7
  • f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
  • 162.245.238.224
  • 36.75.75.75
  • 138.112.25.25
  • 123.181.24.36
  • 71.162.181.51
  • verify.recaptcha-metalogin.com
  • verify.recaptcha-metacloud.com
  • verify.captcha-metalogin.com
  • recaptcha.robot-metalogin.com
  • recaptcha.login-metaquest.com
  • recaptcha.login-businessfacebook.com
  • recaptcha.confirm-metaquest.com
  • recaptcha.accountscenter-metaquest.com
  • outh.captcha-metalogin.com
  • oauth.recaptcha-metacloud.com
  • confirm.robotcaptcha-metaquest.com
  • confirm.recaptcha-metacloud.com
  • confirm.notcaptcha-metaquest.com
  • confirm.login-metacloud.com
  • confirm.human-metaquest.com
  • confirm.captcha-metalogin.com
  • confirm.botrecaptcha-metaquest.com
  • app.vericaptchas-metahorizon.xyz
  • app.vericaptchas-matamore.xyz
  • app.vericapcha-metahunched.org
  • app.vericapcha-metaresults.com
  • app.vericapcha-metahorizonfb.org
  • app.vericapcha-metahoriapp.org
  • app.vericapcha-metacrescent.org
  • veryfy-recaptcha.com
  • verycaptcha.com
  • verycapcha.com
  • very-captcha.com
  • very-capcha.com
  • verifyhuman-meta.com
  • verifycaptcha-meta.com
  • verifycaptcha-businessfacebook.com
  • verify-meta.com
  • verify-facebook.com
  • verify-bot.com
  • verifier-meta.com
  • vericaptcha-metahorizonusa.org
  • vericaptcha-metahorizonsa.org
  • vericaptcha-metahorizonus.org
  • vericaptcha-metahorizonfb.org
  • vericaptcha-metahorizonit.org
  • vericaptcha-metahorizonfb.net
  • vericaptcha-metahorizonca.org
  • vericaptcha-metahorizonau.org
  • vericaptcha-metahorizon.org
  • vericaptcha-metahorizon.net
  • vericaptcha-metahorizon.eu
  • vericaptcha-businessfacebook.com
  • validate-api.com
  • valid-meta.com
  • veri-facebook.com
  • thespirup123.top
  • thelinkedup123.top
  • thuramkia123.com
  • thealaska.info
  • supportmeta-horizon.net
  • supportmeta-horizonusa.org
  • suite-meta.com
  • support.md
  • smartcaptcha-meta.com
  • safehumancheck.com
  • shield-meta.com
  • secureverifybot.com
  • rotbotath-meta.com
  • robotapi-meta.com
  • robotcaptcha-meta.com
  • robot-metaquest.com
  • report-media-content.com
  • roadmaps12.com
  • report-copyright-metaplanet.net
  • report-copyright-metaplanet.com
  • report-businessfacebok.com
  • recaptchav2-meta.com
  • recaptcha-metahorizon.org
  • recaptcha-metaquest.com
  • recaptcha-metahorizon.com
  • recaptcha-meta.org
  • recaptcha-login.com
  • recaptcha-confirm.live
  • recaptcha-human.com
  • recaptcha-businessfacebook.com
  • rcaptcha-meta.com
  • recaptcha-confirm.com
  • oauth2-verify.com
  • noverify-bot.com
  • oauthcaptcha-metaquest.com
  • notcaptcha-metaquest.com
  • notcaptcha-metahorizon.com
  • notrobot-metahorizon.com
  • notcaptcha-metacloud.com
  • not-capcha.com
  • notcaptcha-meta.com
  • norotbot-meta.com
  • nocaptcha-metaquest.com
  • norobot-meta.com
  • nocaptcha-metacloud.com
  • nocaptcha-meta.com
  • nocapcha-meta.com
  • nobotverify.com
  • metaquest-captcha.com
  • metahozzizon-12.top
  • ncaptcha-meta.com
  • metahozion12homes.top
  • metahozion12.top
  • metahagrandview12.top
  • mb-meta.com
  • loginpage-meta.com
  • meta-captcha.com
  • loginmetastar12.top
  • login-metaquest.com
  • loginmeta234.top
  • guard-meta.com
  • habanacuba83s.info
  • kareyphatameta12.top
  • gateverify-meta.com
  • firewall-meta.com
  • cunharamos123.com
  • confrim-captcha.com
  • copyright-videofb.com
  • copyright-businessfacebok.com
  • confirm-recaptcha.com
  • confirm-recaptcha.live
  • confirm-meta.com
  • chickken1.top
  • chickken.top
  • clearcapcha.com
  • chickenkentou12.pics
  • chickenkentou12.top
  • certify-meta.com
  • captcha-metaquest.com
  • captchabot-meta.com
  • captchasure-meta.com
  • captcha-metacloudn.com
  • captcha-metacloudm.com
  • captcha-metahorizon.com
  • captcha-metacloudl.com
  • captcha-meta.org
  • captcha-metacloud.com
  • captcha-login-website.com
  • captcha-meta-login.com
  • captcha-meta.com
  • captcha-human.com
  • captcha-facebook.com
  • captcha-confirm.live
  • captcha-app-login.com
  • capchametasite125.icu
  • capchametahozion-12.top
  • capcha-metaquest.com
  • cammeorio2.xyz
  • bypasscaptcha-meta.com
  • bypass-meta.com
  • businesshorizon.net
  • business-meta.com
  • botverifyanalytics.com
  • botdetectcaptcha.com
  • botcaptcha-meta.com
  • bot-secure.com
  • bot-meta.com
  • bot-blocker.com
  • autocaptcha-meta.com
  • authz-meta.com
  • autobypass-meta.com
  • authz-api.my
  • authnet-hyperhorizon.net
  • authrecaptcha-meta.com
  • authmeta12.top
  • authmeta1.top
  • authmeta.top
  • authmeta.pro
  • authmeta.biz
  • authgate-meta.com
  • authen-metaquest.com
  • authen-meta.com
  • authen-bot.com
  • authcaptcha-meta.com
  • authapi-meta.com
  • auth-meta.top
  • apicaptcha-metahorizon.com
  • apicaptcha-metaquest.com
  • apicaptcha-meta.com
  • antibot-meta.com
  • antibotverify.com
  • anmanianer412.com
  • ananmajsna.com
  • 2025-04-17-ingressnightmare-scans-and-testing.md
  • 2025-03-14-testing-cve-2025-24813.md
  • 2025-03-04-group-likely-impersonating-bianlian.md
  • 2022-05-15-iocs-for-deadbolt-ransomware.md
  • authent-metacloud.com
  • recaptcha-metacloud.com
  • 2fgithub.com
Download all indicators here!