Friday, October 28, 2022

CAPTCHA is Dead! - Here's the Proof

Dear blog readers,

It's a public secret that the majority of today's modern Web sites rely on the use of CAPTCHA for proper user vs bot or automated software detection which in reality is a flawed and an outdated approach to protect a Web site and its visitors as in 2022 we continue to live in a world where CAPTCHA-solving as a service that also includes reCAPTCHA solving as a service continues to proliferate with possible thousands of users across the globe processing hundreds of thousands of CAPTCHAs courtesy of popular CAPTCHA services for the purpose of empowering Russian or international cybercriminals on their way to properly and automatically register new accounts on major Web properties and social networks internationally.

In this post I'll detail the activities of several known CAPTCHA-solving services and discuss in-depth their functionalities with the idea to raise awareness on the concept including the systematic and automatic CAPTCHA solving courtesy of humans and their affiliate-based networks. 

Sample URLs known to have been involved in the campaign include:

hxxp://captchasolver.com - 69.172.201.208; 52.73.71.92; 52.73.115.80; 172.64.138.13; 172.67.184.21

hxxp://captchaocr.com - 172.93.194.59; 172.93.194.58; 3.130.204.160; 103.224.212.221; 3.19.116.195

hxxp://typethat.biz - once executed the sample phones back to hxxp://5fc.info - 184.168.192.116; 45.40.164.140; 209.99.40.222; 208.91.199.225; 50.62.160.53

Sample MD5 known to have been involved in the campaign include:

MD5: eb1ef93dcf2e9fd747ea2b80dd0c2619

Related URLs known to have been involved in similar campaigns include:

hxxp://captchasolver.com/

hxxp://216.55.132.15/captchas

hxxp://64.34.161.26:8888/type/typer.html

hxxp://panel.6ew.pl/index.php

hxxp://www.geocities.com/workcaptcha/magic.bolobomb.htm

hxxp://magic.bolobomb.com/lepricon/index.php

hxxp://www.geocities.com/workcaptcha/destination.work.htm

hxxp://nagic.bolobomb.com/lepricon/index.php?A=STATS

hxxp://www.destination-server.com/bulletinpics/entry.cgi

hxxp://www.destination-server.com/bulletinpics/server-slow.cgi

hxxp://74.55.167.90:8546/entry/type.php?

hxxp://www.lovecolony.com/captchasetup.exe

hxxp://www.captchaocr.com/human/index.php

hxxp://bpoworld.awardspace.com/

Stay tuned!

No comments:

Post a Comment