# check.usd-ai.live — SUSPICIOUS

> check.usd-ai.live is actively hosting a credential-harvesting phishing page. 3 of 95 VirusTotal scanners flagged it. Check the full report.

## Summary

PhishDestroy identifies check.usd-ai.live as a live credential-harvesting domain masquerading as a login portal for legitimate financial services. The site prompts visitors to enter usernames and passwords, which are immediately exfiltrated to attacker-controlled servers rather than the intended service. Telemetry confirms the domain resolves to IP 188.114.97.3 and relies on a Let’s Encrypt SSL certificate to appear trustworthy, tricking users who check for HTTPS before submitting data.

This domain was flagged by three independent security vendors on VirusTotal, yielding a detection ratio of 3/95. The domain itself is recently registered—creation date within the last 30 days—and currently sits on one known blocklist, indicating rapid deployment and minimal historical scrutiny. Because the infrastructure is lightweight and rotates quickly, static blocklists may miss follow-on domains spun from the same seed.

If you visited check.usd-ai.live and entered any credentials, rotate those passwords immediately across all accounts that reused the same combination. Enable multi-factor authentication wherever possible and scan local devices for malware that may have been dropped during the visit. Report the incident to your security team and consider revoking any session tokens that could still grant access to sensitive systems. Monitor financial accounts and corporate resources for anomalous activity for at least 30 days following exposure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/79517ab7-dd2d-468a-af6e-4aac9a916508
- PhishDestroy: https://phishdestroy.io/domain/check.usd-ai.live/
- LLM endpoint: https://phishdestroy.io/domain/check.usd-ai.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/check.usd-ai.live/

Last updated: 2026-03-22