# discord-captcha.run — SUSPICIOUS > discord-captcha.run mimics Discord's CAPTCHA service to harvest credentials; flagged by 0 of 95 VirusTotal scanners. Users should avoid this domain entirely. ## Summary PhishDestroy identifies discord-captcha.run as a live phishing domain masquerading as a Discord CAPTCHA service. The site is currently under active investigation by cybersecurity teams as a credential-harvesting trap aimed at Discord users. At the time of writing, no vendor on VirusTotal has flagged the domain, leaving potential victims exposed to this low-sophistication but effective impostor page. This domain was flagged by 0 of 95 VirusTotal vendors, registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 23, 2026. It resolves to IP 172.67.215.167 and holds a valid Let’s Encrypt SSL certificate. With zero detections on VirusTotal and no presence on major blocklists, discord-captcha.run currently operates with impunity despite clear signs of deceptive intent aimed at compromising Discord accounts. Current status indicates active deployment with no containment measures in place. Users are advised to avoid accessing this domain, block it at the network and endpoint levels using indicators such as the IP 172.67.215.167 and the domain itself, and report the site to Discord’s Trust & Safety team and their IT security provider. Organizations should update firewall rules and DNS sinkholes to preemptively block this threat vector before it propagates further. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-23 13:13:57 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 172.67.215.167 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0b7a2c8d-2a1b-4ab6-8aab-1985e3fa3065 - PhishDestroy: https://phishdestroy.io/domain/discord-captcha.run/ - LLM endpoint: https://phishdestroy.io/domain/discord-captcha.run/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/discord-captcha.run/ Last updated: 2026-03-23