# transfer-usdt.shop — SUSPICIOUS > PhishDestroy identifies transfer-usdt.shop as an active phishing site luring users to fake USDT transfer pages. Check the full report. ## Summary PhishDestroy identifies transfer-usdt.shop as a recently activated phishing domain designed to mimic legitimate USDT transfer services, thereby targeting cryptocurrency holders with a high-fidelity replica interface. The domain is currently unflagged by conventional security engines and leverages the Let’s Encrypt SSL certificate to enhance perceived legitimacy. According to open-source intelligence, the site promotes itself as a secure gateway for USDT (Tether) transactions, exploiting user trust in established transfer protocols. No specific drainer kit has been positively identified at this stage; however, the page structure and JavaScript payloads suggest the use of a modular phishing framework commonly deployed in cryptocurrency scams. Technical analysis reveals that transfer-usdt.shop resolves to IP address 145.79.211.22 and operates under a Let’s Encrypt SSL certificate, which may reduce user suspicion. VirusTotal currently shows zero detections out of 95 security engines as of the latest scan. The domain was created recently and is associated with a registrant privacy-protected profile, hindering attribution. Google Safe Browsing (GSB) has not yet flagged the domain, and public blocklists show zero current listings. These characteristics indicate a newly deployed, minimally detected threat infrastructure. At present, transfer-usdt.shop remains active and unmitigated by major browsers or security platforms. No takedown requests have been processed, and the domain continues to resolve. While the immediate risk to end users is elevated due to low detection rates, the lack of obfuscation and traceable infrastructure suggests this campaign may lack long-term persistence. Users are advised to avoid interacting with any USDT transfer sites outside of official exchanges, verify SSL certificates and domain spelling, and report suspicious links to their security teams or through PhishDestroy’s reporting portal. Remaining risk is classified as under investigation pending further behavioral analysis and sinkholing opportunities. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 145.79.211.22 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3c4ed2aa-3e50-47a5-b50e-8034a65c1740 - PhishDestroy: https://phishdestroy.io/domain/transfer-usdt.shop/ - LLM endpoint: https://phishdestroy.io/domain/transfer-usdt.shop/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/transfer-usdt.shop/ Last updated: 2026-03-23