captcha.best
Open in
urlscan Pro
2606:4700:3033::6815:3c58
Malicious Activity!
Public Scan
Submission: On June 18 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by GTS CA 1P5 on June 18th 2023. Valid for: 3 months.
This is the only time captcha.best was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discord (Instant Messenger)Live information
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
13 | 2606:4700:303... 2606:4700:3033::6815:3c58 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 162.159.130.233 162.159.130.233 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
captcha.best
captcha.best |
386 KB |
1 |
discordapp.com
cdn.discordapp.com — Cisco Umbrella Rank: 2390 |
12 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
13 | captcha.best |
captcha.best
|
1 | cdn.discordapp.com |
captcha.best
|
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
discord.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
captcha.best GTS CA 1P5 |
2023-06-18 - 2023-09-16 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-11-19 - 2023-11-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://captcha.best/verify?id=zWRRaT1f4h6aCM9UPKwqAEu2
Frame ID: 8E91EB3BBFC98F7C298DD27F4417613E
Requests: 14 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
verify
captcha.best/ |
2 MB 339 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
captcha.best/ |
121 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
22fd790491653d837422d80e3500cf92.svg
captcha.best/assets/ |
164 B 164 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
captcha.best/ |
7 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
27737ee12149c40ce6af21f6a7ac7265.png
cdn.discordapp.com/avatars/948313795120484413/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
captcha.best/ |
4 KB 1 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
captcha.best/ |
10 KB 3 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e8acd7d9bf6207f99350ca9f9e23b168.woff
captcha.best/assets/ |
164 B 387 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
88055567e3d928bcb1e67e967081572e.woff
captcha.best/assets/ |
164 B 395 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3bdef1251a424500c1b3a78dea9b7e57.woff
captcha.best/assets/ |
164 B 388 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
be0060dafb7a0e31d2a1ca17c0708636.woff
captcha.best/assets/ |
164 B 523 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
captcha.best/create-qr-code/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
captcha.best/create-qr-code/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
get
captcha.best/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discord (Instant Messenger)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend string| page object| hcaptcha function| init function| onMessage function| removeImage function| cancel string| t_locale object| lastotp object| rightotp boolean| gettingotp object| gettingotpid function| tryLogin function| openCaptchaPage function| parseMfa function| submitOTP function| checkTotpButton function| sendSms function| checkTotp function| closeMfaPage function| openMfaPage function| showMfaError function| submitCode function| initCaptchaCheck function| captchaChecked function| closeCaptchaPage function| showError function| showErrors function| getErrorContent1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.discordapp.com/ | Name: __cf_bm Value: m5JNfLZoiwCHVFbl_Hksdvzbsj.A8x.iRIqF2QTo9kc-1687092912-0-ARr2ASxu0OIZz/T4XFmeem56O+HGtiR9+/LYfxHfOWkWG153ShgNB7pXCbFJ9Z/HDGrqqG+AOeLcd6+Kwq4wVyQ= |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
captcha.best
cdn.discordapp.com
162.159.130.233
2606:4700:3033::6815:3c58
04e604eaca394c1cfdb9290c459685edc00afdc55dfb73948cc4c54b5723a065
18eafb772e970cd43b1c2a000c667c63f6cf39382e40557e95a219a4cbce9d96
213be8ebd0d04a11942e62d3c199c390d04436dfdd3b51b33e47cfb0ff622d92
223133b44a26fa6af7a9f9e6bf29f320bd8165bc99367fbfefaf94c8e9feac38
2dbbd80865c32d7226f63753a96f926ac292a92a4a41f08c79308e30393ef92d
5fb47fbd3ca39b348ab51f5698b4184a58ea9c83f1daae8e65b6c45dbe1626fa
6817cfb84bc65b63f73c80c0ef16524bb32c4cf5c9a07c0c664d3ae5e022e1a4
8667f8f09246b47991e71a86cd4cd41c0ba5fcb6a4e60dd94b5038813079898a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1ca5949ef43d0a6130a1176794b4b38b393f2638c6cc5c2b8449adb6ed3f144