# usd-ai.live — SUSPICIOUS

> USD-AI.live is a credential theft domain impersonating AI services. Flagged by 0 of 95 VirusTotal vendors with a Let's Encrypt SSL certificate.

## Summary

PhishDestroy identifies usd-ai.live as an active credential theft domain posing as a legitimate AI service. Current status is under investigation, with the threat classified as generic phishing targeting unsuspecting users through brand impersonation. This domain is specifically designed to harvest login credentials under the guise of an AI platform, likely aiming to compromise user accounts for financial or data exfiltration purposes.

This domain was registered on March 17, 2026, through Global Domain Group LLC, and is currently resolving to IP address 188.114.97.3. Security vendor detection remains at 0 out of 95 VirusTotal engines as of the latest scan, indicating it has evaded immediate signature-based detection despite its malicious intent. The presence of a Let's Encrypt-signed SSL certificate suggests an attempt to appear legitimate and build user trust, a common tactic among credential theft operations. Risk indicators include newly registered domains (NRDs) with low trust scores, absence of historical web reputation, and utilization of bulletproof hosting infrastructure to prolong operational availability.

Given the active status and zero initial detection, organizations and end-users should treat usd-ai.live as a high-priority threat indicator. Immediate actions include blocking domain resolution at the DNS and firewall levels using the exact domain and resolved IP (188.114.97.3). Users who may have interacted with this domain should immediately rotate credentials, enable multi-factor authentication on all related accounts, and monitor for unauthorized transactions or data access.

Security teams are advised to deploy behavioral-based detection rules (e.g., impossible travel, anomalous login patterns) and update blocklists across email gateways and endpoint protection platforms. Continuous monitoring of this domain for changes in infrastructure, certificate issuance, or redirection chains is strongly recommended to prevent potential spillover into downstream compromise. Early containment remains critical due to the domain's low detection footprint and active operational status.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-17 11:54:26
- Registrar: Global Domain Group LLC
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/32c62cf8-0202-4aa6-a822-d25726c70b75
- PhishDestroy: https://phishdestroy.io/domain/usd-ai.live/
- LLM endpoint: https://phishdestroy.io/domain/usd-ai.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/usd-ai.live/

Last updated: 2026-03-23