# onchainusdt77.com — SUSPICIOUS

> onchainusdt77.com linked to an active USDT wallet-theft phishing campaign. This domain shows 1 blocklist hit and 0 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies onchainusdt77.com as an active phishing domain posing a direct threat to cryptocurrency users, specifically targeting holders of Tether (USDT). This site impersonates legitimate blockchain or wallet services to trick victims into entering private keys or seed phrases, enabling immediate theft of USDT balances. The domain structure—“onchainusdt77”—is designed to appear as an official USDT integration or wallet portal, leveraging urgency (“onchain”) and brand mimicry (USDT) to deceive visitors into surrendering sensitive credentials. Security teams first observed this domain in early November 2025, suggesting a recent but rapidly spreading campaign likely distributed via phishing emails, fake ads, or social media impersonations of major wallet providers or exchanges.

Evidence supporting the classification includes registration through Gname.com Pte. Ltd., a registrar known to host high-risk domains, and a domain creation date of November 6, 2025. The domain currently resolves to IP address 118.107.28.253 and is already flagged by Google Safe Browsing under “SOCIAL_ENGINEERING,” indicating confirmed deceptive practices. It has been blocked by InversionDNS and is present on 1 known security blocklist. Despite these warnings, VirusTotal currently shows 0 out of 95 detection engines flagging the domain, highlighting a critical detection gap. Additionally, the domain uses a valid Let’s Encrypt SSL certificate, which may further mislead users into believing the site is legitimate.

Users who have visited onchainusdt77.com are strongly advised to immediately cease any interaction with the site and assume their cryptocurrency credentials may have been exposed. Anyone who entered private keys, wallet mnemonics, or login credentials should transfer all remaining assets to a newly generated wallet and revoke access to any integrated third-party services. It is essential to scan all connected devices for malware, especially information stealers like RedLine or Raccoon, which often harvest crypto wallet data. Users should also monitor their wallet addresses for unauthorized transactions and report any suspicious activity to their exchange or wallet provider. Always verify domain spellings and use official bookmarks or verified links from trusted sources before entering sensitive information.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-11-06 16:39:20
- Registrar: Gname.com Pte. Ltd.
- IP: 118.107.28.253

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/onchainusdt77.com
- PhishDestroy: https://phishdestroy.io/domain/onchainusdt77.com/
- LLM endpoint: https://phishdestroy.io/domain/onchainusdt77.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/onchainusdt77.com/
Last updated: 2026-04-06