Bot protection
Summary
Attackers use common bot protection technologies such as CAPTCHA and Cloudflare Turnstile to prevent security bots from accessing and analysing their web pages, which in turn keeps the pages from being automatically flagged.
This requires anyone visiting the page to pass a bot check/challenge before the page can be loaded, meaning the full page cannot be analysed by automated tools without human interaction.
Examples
- Example 1: NakedPages AitM phishing kit — Using Cloudflare Turnstile for bot protection.
- Example 2: Tycoon 2FA AitM phishing kit — Using a custom CAPTCHA rendered via HTML5 canvas.
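
For the scanning side of the problem described in the summary, the sketch below shows one way a pipeline can avoid recording a challenge-gated page as clean. It is an added example, not code from either kit or from any product. It marks a fetched page "inconclusive" when the HTML has a known challenge widget or a canvas-plus-text-input pattern and very little visible text. The function names, the 200-character threshold and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Markers of well-known challenge widgets: script hosts and container classes.
CHALLENGE_SCRIPTS = ("challenges.cloudflare.com/turnstile", "google.com/recaptcha", "hcaptcha.com/1/api.js")
CHALLENGE_CLASSES = {"cf-turnstile", "g-recaptcha", "h-captcha"}
MAX_GATE_TEXT = 200  # assumed threshold: a gate page shows very little text

class PageFacts(HTMLParser):
    """Collects the facts needed to decide whether a page is only a gate."""
    def __init__(self):
        super().__init__()
        self.widgets, self.canvas, self.inputs, self.text = set(), 0, 0, []
        self._skip = 0  # depth inside <script>/<style>; their text is not visible

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        src = (a.get("src") or "").lower()
        self.widgets.update(m for m in CHALLENGE_SCRIPTS if m in src)
        self.widgets.update(CHALLENGE_CLASSES & set((a.get("class") or "").split()))
        self.canvas += tag == "canvas"
        self.inputs += tag == "input" and (a.get("type") or "text").lower() == "text"

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def triage(html):
    """Return (verdict, reasons). 'inconclusive' = gated, not proven benign."""
    p = PageFacts()
    p.feed(html)
    p.close()
    visible = len(" ".join("".join(p.text).split()))
    reasons = sorted(p.widgets)
    if p.canvas and p.inputs:
        reasons.append("canvas + text input (possible custom CAPTCHA)")
    if reasons and visible <= MAX_GATE_TEXT:
        return "inconclusive", reasons
    return "scanned", reasons

# Constructed sample pages (not taken from any real kit).
TURNSTILE_GATE = ('<html><head><script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async></script></head>'
                  '<body><p>Verifying you are human</p><div class="cf-turnstile" data-sitekey="PLACEHOLDER"></div></body></html>')
CANVAS_GATE = '<body><canvas width="200" height="60"></canvas><input type="text" name="answer"><script>/* draws challenge */</script></body>'
ARTICLE = '<body><h1>Release notes</h1><p>' + "Long text " * 50 + '</p><div class="g-recaptcha"></div></body>'
```

A page that embeds a challenge widget alongside substantial content, like the constructed `ARTICLE` sample, is still reported as "scanned"; only pages that are little more than the gate are routed to interactive analysis.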