# captcha-found.top — SUSPICIOUS > PhishDestroy identifies captcha-found.top as a live credential harvesting site masquerading as CAPTCHA verification. ## Summary PhishDestroy identifies captcha-found.top as an active credential-harvesting domain posing as a CAPTCHA verification service to trick users into surrendering login details. The site leverages a recently issued Let’s Encrypt SSL certificate to appear legitimate while hosting a convincing fake CAPTCHA page. Once credentials are submitted, attackers immediately exfiltrate them to backend servers under their control, enabling subsequent account takeovers and financial fraud. This domain was flagged by PhishDestroy with an elevated risk classification after VirusTotal analysis revealed only 1 out of 95 security vendors currently detect the threat. Technical indicators show the domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 31, 2026, and resolves to IP address 188.114.97.3. The low detection rate and fresh registration timeline indicate this campaign is actively evolving while evading traditional defenses. Given the short operational window, proactive blocking is essential to prevent widespread victimization. Users who visited captcha-found.top should immediately rotate passwords for any accounts entered on the site, enable multi-factor authentication where available, and scan local devices for malware. Report the domain to your organization’s security team and file a complaint with the FBI IC3 if financial or sensitive data was exposed. Disable autofill forms to prevent browsers from auto-submitting credentials on similar future domains. Monitor financial accounts closely for unauthorized transactions and remain vigilant for follow-up spear-phishing attempts leveraging the harvested credentials. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-31 12:12:10 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/captcha-found.top - PhishDestroy: https://phishdestroy.io/domain/captcha-found.top/ - LLM endpoint: https://phishdestroy.io/domain/captcha-found.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/captcha-found.top/ Last updated: 2026-04-02