# usdt-check.info — SUSPICIOUS > PhishDestroy identifies usdt-check.info as an active USDT theft phishing domain resolving to 45.88.105.52. Flagged by 1 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies the active domain usdt-check.info as a USDT theft phishing campaign targeting cryptocurrency users. This domain is currently engaged in fraudulent activities designed to steal USDT tokens by impersonating legitimate cryptocurrency services, specifically leveraging trust through the Tether (USDT) brand. The campaign remains active and poses an elevated risk to users who may unknowingly interact with this malicious resource. This domain was flagged by 1 of 95 VirusTotal security vendors, indicating limited but present detection by the security community. The domain resolves to the IP address 45.88.105.52 and was registered through GNAME.COM PTE. LTD. on March 17, 2026. The domain utilizes a Let's Encrypt SSL certificate to enhance its apparent legitimacy. While specific blocklist counts are not provided in the available data, the combination of recent registration, low detection rate, and active hosting infrastructure contributes to an elevated threat profile. The domain’s infrastructure and operational timeline suggest opportunistic deployment aligned with current cryptocurrency market behaviors where phishing for USDT remains prevalent due to its widespread use and liquidity. Threat analysis confirms this domain operates as a fraudulent USDT-themed phishing page designed to deceive users into entering wallet credentials, private keys, or transaction authorization payloads. The use of a recently registered domain (March 17, 2026), rapid SSL certificate deployment, and a hosting provider commonly associated with low-cost bulk registrations indicates a likely short-lived campaign aimed at rapid exploitation. Given the active status and elevated risk assessment, users are strongly advised to avoid visiting usdt-check.info and to immediately block both the domain and IP 45.88.105.52 at the network perimeter. Additionally, users should verify any unsolicited links purporting to relate to USDT services through official channels only, and review wallet security settings to enable transaction confirmation alerts and multi-factor authentication where available. Security teams should add this domain to blocklists and monitor for related infrastructure rotations. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-17 16:42:43 - Registrar: GNAME.COM PTE. LTD. - IP: 45.88.105.52 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/usdt-check.info - PhishDestroy: https://phishdestroy.io/domain/usdt-check.info/ - LLM endpoint: https://phishdestroy.io/domain/usdt-check.info/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/usdt-check.info/ Last updated: 2026-04-07