# usdai.site — SUSPICIOUS

> A high-risk fake USDT gateway domain usdai.site pushes malware via fake crypto exchange sites. Blocked by 2/95 security vendors after April 1 2026 creation.

## Summary

usdai.site has been classified by PhishDestroy as an active generic phishing domain at elevated risk. This impostor site masquerades as a legitimate USDT (Tether) gateway to trick cryptocurrency users into surrendering private keys or downloading malicious payloads. Threat actors are actively using this domain to harvest credentials and inject malware into victim systems. Users should treat any connection or transaction prompt from usdai.site as a potential credential theft attempt.

This domain was flagged after being identified by two of 95 VirusTotal security vendors and placed on the Hagezi blocklist. It was registered through Dynadot Inc on April 01, 2026, and resolves to IP address 188.114.97.3. The domain acquired a Let’s Encrypt SSL certificate, which increases its credibility to unsuspecting visitors but does not indicate legitimacy. The timeframe from creation to active abuse is less than 30 days, indicating rapid deployment for malicious campaigns.

To mitigate exposure to this threat, users should immediately block the domain and IP at the network level. Never enter private keys, wallet seeds, or credentials into any form on usdai.site or linked subpages. Cryptocurrency holders should verify URLs manually and use hardware wallets or reputable exchange interfaces with two-factor authentication enabled. If you suspect interaction, revoke any exposed credentials and scan devices for malware. Report the domain to your security team and relevant abuse channels to help curb further abuse.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-01 18:53:06
- Registrar: Dynadot Inc
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["Hagezi"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/usdai.site
- PhishDestroy: https://phishdestroy.io/domain/usdai.site/
- LLM endpoint: https://phishdestroy.io/domain/usdai.site/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/usdai.site/

Last updated: 2026-04-09