CAPTCHA is dead! – Here is the proof

Dear blog readers,

It’s a public secret that the majority of modern websites today rely on the use of CAPTCHA for proper user detection versus bots or automated software detection, which in reality is a flawed and outdated approach to protecting a website and its visitors as in 2022 we continue to live in a world where solving CAPTCHA as a service which also includes solving reCAPTCHA as a service continues to proliferate with thousands of possible users around the world processing hundreds of thousands of CAPTCHAs courtesy of popular CAPTCHA services with the aim of empowering Russian or international cybercriminals in the process of correctly and automatically registering new accounts on major websites and social networks internationally.

In this article, I will detail the activities of several well-known CAPTCHA solving services and discuss in depth their features with the idea of ​​raising awareness of the concept, including systematic and automatic CAPTCHA solving through humans and their affiliated networks.

Examples of URLs known to have been involved in the campaign:

hxxp://captchasolver.com – 69.172.201.208; 52.73.71.92; 52.73.115.80; 172.64.138.13; 172.67.184.21

hxxp://captchaocr.com – 172.93.194.59; 172.93.194.58; 3,130,204,160; 103.224.212.221; 3.19.116.195

hxxp://typethat.biz – once run the sample phones to hxxp://5fc.info – 184.168.192.116; 45.40.164.140; 209.99.40.222; 208.91.199.225; 50.62.160.53

The MD5 sample known to have been involved in the campaign includes:

MD5: eb1ef93dcf2e9fd747ea2b80dd0c2619

Related URLs known to have been involved in similar campaigns include:

hxxp://captchasolver.com/

hxxp://216.55.132.15/captchas

hxxp://64.34.161.26:8888/type/typer.html

hxxp://panel.6ew.pl/index.php

hxxp://www.geocities.com/workcaptcha/magic.bolobomb.htm

hxxp://magic.bolobomb.com/lepricon/index.php

hxxp://www.geocities.com/workcaptcha/destination.work.htm

hxxp://nagic.bolobomb.com/lepricon/index.php?A=STATS

hxxp://www.destination-server.com/bulletinpics/entry.cgi

hxxp://www.destination-server.com/bulletinpics/server-slow.cgi

hxxp://74.55.167.90:8546/entry/type.php?

hxxp://www.lovecolony.com/captchasetup.exe

hxxp://www.captchaocr.com/human/index.php

hxxp://bpoworld.awardspace.com/

Stay tuned!

*** This is a syndicated blog from the Security Bloggers Network of Dancho Danchev’s Blog – Mental Flows of Information Security Knowledge Written by Dancho Danchev. Read the original post at: https://ddanchev.blogspot.com/2022/10/captcha-is-dead-heres-proof.html


Source link