{ "type": "Domain", "indicator": "caseners.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/caseners.com", "alexa": "http://www.alexa.com/siteinfo/caseners.com", "indicator": "caseners.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2225599624, "indicator": "caseners.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "67e271274ea6563a21ec770e", "name": "New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players", "description": "A sophisticated phishing campaign targeting Counter-Strike 2 players has been uncovered, employing browser-in-the-browser (BitB) attacks. The campaign aims to steal Steam accounts by creating convincing fake browser pop-ups that mimic legitimate login pages. The threat actors are abusing the identity of the pro eSports team Navi and promoting their scams on platforms like YouTube. The stolen accounts are likely intended for resale on online marketplaces. The majority of the phishing sites are in English, with one Chinese site discovered. This campaign highlights the ongoing evolution of phishing techniques and the importance of vigilance when encountering login pop-ups, especially for desktop users.", "modified": "2025-03-25T13:29:00.485000", "created": "2025-03-25T09:02:31.749000", "tags": [ "phishing", "counter-strike 2", "steam", "browser-in-the-browser", "esports", "gaming", "credential theft" ], "references": [ "https://www.silentpush.com/blog/browser-in-the-browser-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1538", "name": "Cloud Service Dashboard", "display_name": "T1538 - Cloud Service Dashboard" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386717, "modified_text": "433 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e29a36b84e2ba697ee9ba8", "name": "New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players - Silent Push", "description": "A new phishing campaign targeting players of the video game Counter-Strike 2 has been discovered by Silent Push, a team of researchers working with Valve, the company behind Valve\u2019s Steam platform.", "modified": "2025-04-24T11:00:51.456000", "created": "2025-03-25T11:57:41.994000", "tags": [ "silent push", "steam", "navi", "web scanner", "bitb", "url bar", "english", "mandarin", "iofas", "bitb attack", "push", "silent", "june", "back", "navi roulette" ], "references": [ "https://www.silentpush.com/blog/browser-in-the-browser-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Navi Roulette", "display_name": "Navi Roulette", "target": null }, { "id": "BitB", "display_name": "BitB", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "403 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e5b91de50fd48e9fabc8a6", "name": "BitBAttacks Laverages CS2 Players\u2019 Steam Accounts", "description": "", "modified": "2025-03-27T20:46:21.093000", "created": "2025-03-27T20:46:21.093000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Blissboy99", "id": "314063", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 6 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 0, "modified_text": "430 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e31a82ab1a1e9e57bd297a", "name": "BitB Attacks Target CS2 Players\u2019 Steam Accounts", "description": "New phishing campaign targets Counter-Strike2 players by utilizing Browser-in- the-Browser (Bitb) attack which displays a realistic window that mimics Steam\u2019s login page.", "modified": "2025-03-25T21:05:06.529000", "created": "2025-03-25T21:05:06.529000", "tags": [], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 6 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "432 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.silentpush.com/blog/browser-in-the-browser-attacks/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "CryptoGen Cyber Threat Intelligence Advisory" ], "malware_families": [ "Bitb", "Navi roulette" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "67e271274ea6563a21ec770e", "name": "New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players", "description": "A sophisticated phishing campaign targeting Counter-Strike 2 players has been uncovered, employing browser-in-the-browser (BitB) attacks. The campaign aims to steal Steam accounts by creating convincing fake browser pop-ups that mimic legitimate login pages. The threat actors are abusing the identity of the pro eSports team Navi and promoting their scams on platforms like YouTube. The stolen accounts are likely intended for resale on online marketplaces. The majority of the phishing sites are in English, with one Chinese site discovered. This campaign highlights the ongoing evolution of phishing techniques and the importance of vigilance when encountering login pop-ups, especially for desktop users.", "modified": "2025-03-25T13:29:00.485000", "created": "2025-03-25T09:02:31.749000", "tags": [ "phishing", "counter-strike 2", "steam", "browser-in-the-browser", "esports", "gaming", "credential theft" ], "references": [ "https://www.silentpush.com/blog/browser-in-the-browser-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1538", "name": "Cloud Service Dashboard", "display_name": "T1538 - Cloud Service Dashboard" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386717, "modified_text": "433 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e29a36b84e2ba697ee9ba8", "name": "New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players - Silent Push", "description": "A new phishing campaign targeting players of the video game Counter-Strike 2 has been discovered by Silent Push, a team of researchers working with Valve, the company behind Valve\u2019s Steam platform.", "modified": "2025-04-24T11:00:51.456000", "created": "2025-03-25T11:57:41.994000", "tags": [ "silent push", "steam", "navi", "web scanner", "bitb", "url bar", "english", "mandarin", "iofas", "bitb attack", "push", "silent", "june", "back", "navi roulette" ], "references": [ "https://www.silentpush.com/blog/browser-in-the-browser-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Navi Roulette", "display_name": "Navi Roulette", "target": null }, { "id": "BitB", "display_name": "BitB", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "403 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e5b91de50fd48e9fabc8a6", "name": "BitBAttacks Laverages CS2 Players\u2019 Steam Accounts", "description": "", "modified": "2025-03-27T20:46:21.093000", "created": "2025-03-27T20:46:21.093000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Blissboy99", "id": "314063", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 6 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 0, "modified_text": "430 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e31a82ab1a1e9e57bd297a", "name": "BitB Attacks Target CS2 Players\u2019 Steam Accounts", "description": "New phishing campaign targets Counter-Strike2 players by utilizing Browser-in- the-Browser (Bitb) attack which displays a realistic window that mimics Steam\u2019s login page.", "modified": "2025-03-25T21:05:06.529000", "created": "2025-03-25T21:05:06.529000", "tags": [], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 6 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "432 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "caseners.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "caseners.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780337318.0335748 }