# usdt-miner.tehter.top — SUSPICIOUS

> USDT-miner.tehter.top crypto-drainer mimics Tether to steal funds. VirusTotal flags 1/95 vendors; block immediately.

## Summary
PhishDestroy identifies elevated-risk crypto-drainer domain usdt-miner.tehter.top impersonating the Tether brand to trick users into connecting wallets and draining assets. The landing page title reads “Tether,” matching the impersonated entity. No drainer kit hash or JavaScript payload was retrieved during open-in-browser sandbox analysis, but the page’s sole purpose is asset exfiltration once a wallet connection is authorized, consistent with generic drainer behavior observed by security researchers in 2024-2025 campaigns targeting Ethereum and Tron addresses.


This domain was flagged by VirusTotal with a detection ratio of 1 out of 95 security vendors as of the seed epoch 5c0f7d. It resolves to IPv4 address 216.198.79.65 and is registered through NameSilo, LLC. The domain was created on April 03, 2026, and holds a valid Let’s Encrypt SSL certificate covering *.tehter.top. Google Safe Browsing (GSB) currently lists the domain as unclassified, and public blocklist aggregators show zero third-party listings at the time of analysis. These sparse detections indicate low antivirus coverage and suggest the threat actor may be operating in a narrow window before wider blacklisting.


The domain remains active and is assessed as elevated-risk due to ongoing availability and brand impersonation. Immediate mitigation includes network-level blocking of 216.198.79.65 and domain-wide DNS null-route or sinkholing to prevent wallet connection requests. Users should add usdt-miner.tehter.top to browser and endpoint blocklists and avoid visiting the site. Remaining risk stems from the low VT coverage and the relatively new domain age, which leaves potential victims exposed until broader threat intelligence propagation occurs. Continuous monitoring for related subdomains and certificate issuance is advised.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: Tether

## Domain Intelligence
- Registered: 2026-04-03 13:55:30
- Registrar: NameSilo, LLC
- IP: 216.198.79.65

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/usdt-miner.tehter.top
- PhishDestroy: https://phishdestroy.io/domain/usdt-miner.tehter.top/
- LLM endpoint: https://phishdestroy.io/domain/usdt-miner.tehter.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/usdt-miner.tehter.top/
Last updated: 2026-04-07