# usdt.fhxusd.bar — SUSPICIOUS

> usdt.fhxusd.bar mimics a USDT wallet site. It hosts a phishing page to steal crypto credentials. Avoid this domain after Feb 14, 2026 creation.

## Summary
PhishDestroy identifies an active phishing campaign targeting cryptocurrency users through the domain usdt.fhxusd.bar, which impersonates a legitimate USDT wallet service to harvest login credentials and private keys. This domain was flagged after security researchers observed its deployment in spam emails and social media posts promoting fake USDT giveaways and wallet access portals. The threat actor leverages social engineering to trick victims into entering sensitive wallet information, with the ultimate goal of draining cryptocurrency assets directly from connected wallets.  This domain poses a critical risk due to its low detection rate and recent infrastructure setup. VirusTotal currently shows 0 out of 95 security engines flagging the domain, indicating it remains under the radar of most antivirus and threat intelligence platforms. The domain is registered through GoDaddy and was created on February 14, 2026, demonstrating its recency. It resolves to IP address 45.207.197.54 and uses a SSL certificate issued by TrustAsia Technologies, Inc., a certificate authority known to be abused in phishing operations. The domain has not yet been added to major blocklists, further increasing its potential reach and effectiveness in phishing campaigns.  Users who have visited this domain should immediately check their cryptocurrency wallets for unauthorized transactions and revoke any permissions granted to connected applications. Do not enter any credentials or private keys into this site. If you entered sensitive information, transfer remaining funds to a new wallet and enable two-factor authentication. Report the domain to your antivirus provider and block it using your network security tools. Monitor financial accounts closely for suspicious activity and consider using hardware wallets for enhanced security. This domain should be treated as hostile and avoided entirely.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-14 20:55:13
- Registrar: GoDaddy
- IP: 45.207.197.54

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/usdt.fhxusd.bar
- PhishDestroy: https://phishdestroy.io/domain/usdt.fhxusd.bar/
- LLM endpoint: https://phishdestroy.io/domain/usdt.fhxusd.bar/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/usdt.fhxusd.bar/
Last updated: 2026-04-07