# scan-usdt.org — SUSPICIOUS

> scan-usdt.org is linked to phishing activity. Avoid interaction until investigation completes to protect your data and assets.

## Summary
PhishDestroy identifies scan-usdt.org as a potentially malicious domain engaged in generic phishing activities. Despite the absence of detections on VirusTotal, the domain’s recent creation on March 3, 2026, combined with suspicious registration details, raises concerns about its legitimacy. The domain is currently under investigation due to its association with tactics commonly used to deceive users and capture sensitive information.

The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar occasionally linked with high-risk registrations. It resolves to IP address 172.67.214.117, which is part of a cloud-based infrastructure often leveraged by threat actors to mask origin and facilitate phishing campaigns. Although no current security vendors have flagged this domain, its infrastructure characteristics and timing of registration warrant caution.

At this stage, scan-usdt.org remains active and unclassified by automated detection systems, emphasizing the importance of vigilance. PhishDestroy recommends avoiding any interaction with this domain, refraining from submitting personal or financial information, and monitoring for updates as the investigation progresses. Organizations should consider blocking access to this domain preemptively and educate users about the risks of new, unverified domains mimicking legitimate financial or cryptocurrency services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Target brand: AMLBot
- Page title: Web3 AML Checker

## Domain Intelligence
- Registered: 2026-03-06 15:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.214.117
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: grannbo.ns.cloudflare.com kyree.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ADMINUSLabs", "Fortinet", "Kaspersky"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc364-738a-731e-b16a-083b548cff3c.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/scan-usdt.org
- PhishDestroy: https://phishdestroy.io/domain/scan-usdt.org/
- LLM endpoint: https://phishdestroy.io/domain/scan-usdt.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/scan-usdt.org/
Last updated: 2026-03-19