# usdtsecures.com — SUSPICIOUS

> usdtsecures.com is a newly registered domain posing as USDT security portal. It hosts a live credential phishing page stealing crypto wallet credentials.

## Summary
PhishDestroy identifies usdtsecures.com as an active credential phishing domain impersonating USDT security infrastructure. This domain leverages a fake portal to harvest user credentials, likely targeting cryptocurrency holders or traders. The threat actor has not yet deployed a known drainer kit, but the page structure mimics legitimate USDT security interfaces to deceive victims.  This domain was flagged with a VirusTotal detection score of 0/95, indicating it remains undetected by most antivirus engines. It was registered through Dynadot Inc on March 19, 2026, and resolves to IP address 35.157.26.135. Google Safe Browsing has not yet flagged the domain, and no entries exist in public blocklists. The domain is newly registered, suggesting a recently launched campaign with low historic reputation.  The campaign status is active, with no takedown or blocklisting observed at investigation time. Immediate response actions include domain takedown requests to Dynadot and IP de-listing to Cloudflare and AWS. Remaining risk is high due to undetected status, recent registration, and active deployment. Users are advised to avoid interaction and report any exposure incidents. This domain remains under active investigation with escalation pending further forensic analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-19 10:17:32
- Registrar: Dynadot Inc
- IP: 35.157.26.135

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a5cb4b7e-ce33-4b8c-852c-cceaa88e0ac3
- PhishDestroy: https://phishdestroy.io/domain/usdtsecures.com/
- LLM endpoint: https://phishdestroy.io/domain/usdtsecures.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/usdtsecures.com/
Last updated: 2026-03-21