# xai.protousd.com — SUSPICIOUS

> xai.protousd.com impersonates USDT services. VirusTotal flags 1/95 vendors. Check the full report.

## Summary

PhishDestroy identifies xai.protousd.com as an active fake USDT phishing domain designed to steal cryptocurrency credentials and personal data. This domain mimics legitimate USDT services to deceive users into entering sensitive information such as wallet addresses, private keys, or login credentials, potentially leading to financial loss. The threat is categorized as generic phishing due to its broad targeting of cryptocurrency users under the guise of a reputable stablecoin service. Security researchers and users are urged to treat this domain with extreme caution, as it is engineered to exploit trust in well-known financial platforms.

This domain was flagged by PhishDestroy’s automated systems and confirmed through multiple threat intelligence sources. VirusTotal analysis reveals that only 1 out of 95 security vendors currently detects this domain as malicious, highlighting the stealthy nature of this phishing campaign. The domain was registered through Name.com, Inc., on December 27, 2024, and is associated with the IP address 76.76.21.123. The presence of a Let’s Encrypt SSL certificate further lends false legitimacy to the site, making it more convincing to unsuspecting users. Given its recent registration and low detection rate, this domain poses an elevated risk and should be considered actively malicious.

Users who have visited xai.protousd.com or entered any information on the site are strongly advised to take immediate action to secure their accounts. Disconnect from the internet to prevent potential remote access by threat actors, and scan all connected devices for malware using reputable antivirus software. If any cryptocurrency wallet credentials, private keys, or personal data were entered, transfer funds to a new wallet immediately and revoke any exposed API keys or permissions. Report the incident to your financial institution or cryptocurrency platform, and consider enabling multi-factor authentication (MFA) on all related accounts. Monitor financial transactions closely for unauthorized activity, and avoid interacting with any further communications from this domain or its associated infrastructure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-12-27 15:03:37
- Registrar: Name.com, Inc.
- IP: 76.76.21.123

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/449d52af-26f7-4c95-894c-5d424407a111
- PhishDestroy: https://phishdestroy.io/domain/xai.protousd.com/
- LLM endpoint: https://phishdestroy.io/domain/xai.protousd.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xai.protousd.com/
Last updated: 2026-03-26