# mainnet-usdai.com — SUSPICIOUS > mainnet-usdai.com is a crypto drainer impersonating USDC (USD Coin). Verify safety on PhishDestroy — zero VirusTotal detections (0/95) reported. ## Summary PhishDestroy identifies mainnet-usdai.com as an active crypto drainer domain, designed to mimic legitimate USDC infrastructure and facilitate unauthorized cryptocurrency transactions. This domain is not merely a generic phishing page; it specifically targets users interacting with decentralized finance (DeFi) platforms or cryptocurrency wallets by presenting a fraudulent interface for wallet connections or transaction approvals. The threat actor leverages a drainer kit—a malicious script embedded within the page—to siphon digital assets from connected wallets without user consent. The domain’s naming convention, incorporating 'mainnet' and 'usdai' (a misspelling of USDC), suggests an attempt to exploit typographical errors and capitalize on the trust associated with established stablecoin protocols. Initial analysis indicates the drainer kit is actively deployed and operational, with the domain serving as a gateway for unauthorized asset transfers. This domain resolves to IP address 188.114.97.3 and was registered on April 04, 2026, through Realtime Register B.V. The SSL certificate, issued by Let's Encrypt, provides a false sense of legitimacy, while VirusTotal currently reports zero detections out of 95 engines (0/95), indicating it has evaded broad detection thus far. The domain has not been flagged by Google Safe Browsing (GSB), and no blocklist entries have been recorded at the time of analysis. The recent creation date and pristine detection history suggest this is a newly deployed threat, likely part of a larger campaign targeting cryptocurrency users. The lack of historical data and low detection rate underscore the need for proactive monitoring and rapid response to prevent widespread compromise. As of the latest assessment, mainnet-usdai.com remains active and poses a significant risk to users who may inadvertently interact with the domain. PhishDestroy has flagged this domain under investigation, with threat intelligence teams actively analyzing its infrastructure and drainer kit payload. Immediate actions include updating threat intelligence feeds, coordinating with domain registrars and hosting providers, and issuing public advisories to raise awareness. While the current risk is classified as 'under_investigation,' the potential for financial harm is high given its specific targeting of cryptocurrency users. Users are strongly advised to verify the legitimacy of any domain claiming to support USDC or other stablecoins, particularly those with recent creation dates or unusual naming conventions. Regular monitoring of wallet transactions and the use of hardware wallets for critical operations are recommended to mitigate exposure to this and similar threats. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-04 15:08:42 - Registrar: Realtime Register B.V. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/mainnet-usdai.com - PhishDestroy: https://phishdestroy.io/domain/mainnet-usdai.com/ - LLM endpoint: https://phishdestroy.io/domain/mainnet-usdai.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mainnet-usdai.com/ Last updated: 2026-04-04