reCAPTCHA
Google reCAPTCHA is the most widely deployed CAPTCHA service, used to block automated abuse on forms, logins and signups. ScanMalware detects it from the reCAPTCHA API script and challenge iframe.
Its presence indicates anti-automation protection. Phishing kits also embed reCAPTCHA to look legitimate and to slow down automated analysis, so it should always be read alongside the full scan.
Commonly deployed alongside reCAPTCHA
Of the 9,021 public scans where reCAPTCHA was detected, these are the technologies most often present on the same site. The share is the percentage of reCAPTCHA sites that also ran each one.
| Technology | Category | Share of reCAPTCHA sites |
|---|---|---|
| Cloudflare | wappalyzer | 69.41% |
| HTTP/3 | wappalyzer | 53.8% |
| Cloudflare Turnstile | wappalyzer | 49.38% |
| X-UA-Compatible | miscellaneous | 40.08% |
| Open-Graph-Protocol | miscellaneous | 37.82% |
| HSTS | wappalyzer | 37.59% |
| hCaptcha | wappalyzer | 32.96% |
| jQuery | wappalyzer | 30.88% |
| Google Analytics | wappalyzer | 29.12% |
| Google Cloud | wappalyzer | 28.4% |
| Google Cloud CDN | wappalyzer | 28.32% |
| Cloudflare Bot Management | wappalyzer | 26.94% |
| JQuery | miscellaneous | 23.12% |
| Google Tag Manager | wappalyzer | 20.72% |
How ScanMalware detects reCAPTCHA
reCAPTCHA is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that reCAPTCHA is present, but how it is being used. Open the full search interface for reCAPTCHA →
Recent public scans featuring reCAPTCHA
A rolling sample of recent public scans where reCAPTCHA was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Log in to continue - Log in with Atlassian account https://sintaviaeng.atlassian.net | 2026-06-16 |
| Exklusive Gärten gestalten: TOP-Angebote mit WOW-Effekt https://www.gartentraum.de | 2026-06-16 |
| Lashes, Nails, Textured Hair Products, Hair Care Tools | Kiss – KISS USA https://www.kissusa.com | 2026-06-16 |
| Homepage - ACKV https://www.ackv.it | 2026-06-16 |
| St Peter's College, University of Oxford | St Peter's College Oxford http://spc.ox.ac.uk | 2026-06-16 |
| Login | Qualtrics https://znej7k4eplq9fdf8f-afklm.siteintercept.qualtrics.com | 2026-06-16 |
| Login | Ankeny Community School District https://ankenyia.infinitecampus.org | 2026-06-16 |
| Ordine dei Periti Industriali e dei Periti Industriali Laureati della Provincia di Taranto https://www.periti-industriali.taranto.it/ | 2026-06-16 |
Frequently asked questions about reCAPTCHA
- Does using reCAPTCHA mean a website is unsafe?
- No. reCAPTCHA is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using reCAPTCHA can be perfectly safe or actively malicious.
- How many sites using reCAPTCHA has ScanMalware scanned?
- reCAPTCHA has been detected in 9,021 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with reCAPTCHA?
- Across scanned sites, reCAPTCHA is most often seen alongside Cloudflare, HTTP/3 and Cloudflare Turnstile. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.