# treasury-usdai.xyz — SUSPICIOUS

> treasury-usdai.xyz is a fake US Treasury phishing site hosted on 104.21.8.68, mimicking legitimate crypto services.

## Summary

PhishDestroy identifies treasury-usdai.xyz as an active generic phishing domain posing as a US Treasury or crypto-related service to harvest credentials and cryptocurrency. This domain resolves to IP 104.21.8.68 and leverages a Let's Encrypt SSL certificate to appear legitimate, likely targeting users expecting official government or financial portals. The domain was registered on April 06, 2026 through PDR Ltd. d/b/a PublicDomainRegistry.com, a commonly abused registrar for short-lived malicious domains.

This domain was flagged by 3 out of 95 security vendors on VirusTotal, indicating limited but concerning detection. Its recent creation date and use of a free SSL certificate suggest opportunistic deployment in low-cost, high-impact phishing campaigns. Registrar and hosting patterns align with known bulletproof infrastructure used to evade takedowns and prolong operational lifespan. Users visiting this domain risk exposure to credential theft, malware download, or financial fraud under the guise of official financial services.

If you visited treasury-usdai.xyz, immediately cease interaction and scan your device using updated antivirus software. Do not enter any credentials or cryptocurrency wallet information. Report the domain to your IT team or local cybersecurity authority. Block the domain and IP 104.21.8.68 at your network perimeter. Consider rotating passwords and monitoring financial accounts for unauthorized activity. Always verify domains using official sources before engaging with government or financial platforms.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-06 15:46:37
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.8.68

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/treasury-usdai.xyz
- PhishDestroy: https://phishdestroy.io/domain/treasury-usdai.xyz/
- LLM endpoint: https://phishdestroy.io/domain/treasury-usdai.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/treasury-usdai.xyz/

Last updated: 2026-04-08