# reallocation-usdai.com — SUSPICIOUS

> PhishDestroy identifies reallocation-usdai.com as a crypto drainer phishing site impersonating USDai. VirusTotal score 0/95.

## Summary

PhishDestroy identifies reallocation-usdai.com as an active crypto drainer site impersonating USDai liquidity tokens. The domain was registered on April 03, 2026 and resolves to IP 172.67.142.85, where a Let’s Encrypt SSL certificate has been provisioned. No public drainer kit signatures are yet published, but behavior aligns with clipboard-hijacking scripts that swap wallet addresses during transfers, indicative of a USDai-themed campaign targeting DeFi users.

This domain exhibits multiple red flags: VirusTotal shows 0/95 engines detecting the URL at first scan, indicating it remains largely under the radar. It was registered through Realtime Register B.V., a registrar known for low-friction bulk registrations often abused in short-lived campaigns. The IP address 172.67.142.85 is part of the Cloudflare network and hosts numerous recently created domains, suggesting shared infrastructure with other suspicious projects. The SSL certificate issued by Let’s Encrypt increases legitimacy cues and lowers user suspicion during HTTPS sessions. As of today, the domain is not flagged in Google Safe Browsing and has not yet propagated across major threat intelligence blocklists, leaving potential victims exposed.

The domain is currently active and serving content designed to mimic legitimate USDai reallocation interfaces. Users attempting to connect wallets or sign transactions are likely to unknowingly approve malicious contract calls that drain tokens to attacker-controlled addresses. While the immediate risk is escalating, proactive blocking mechanisms and community reporting can prevent further exploitation.

PhishDestroy advises immediate network-level blocking of 172.67.142.85 and domain-level blocking of reallocation-usdai.com. All DeFi users should verify site authenticity via official channels before any wallet interaction. Remaining risk is assessed as high due to zero detections and fresh infrastructure, warranting heightened vigilance across crypto communities.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-03 11:59:02
- Registrar: Realtime Register B.V.
- IP: 172.67.142.85

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/reallocation-usdai.com
- PhishDestroy: https://phishdestroy.io/domain/reallocation-usdai.com/
- LLM endpoint: https://phishdestroy.io/domain/reallocation-usdai.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/reallocation-usdai.com/

Last updated: 2026-04-05