# kod-vpn.ru — SUSPICIOUS

> PhishDestroy identifies kod-vpn.ru as a crypto drainer phishing site claiming to offer a VPN service. 0 of 95 VirusTotal vendors currently flag this active.

## Summary
PhishDestroy identifies the domain kod-vpn.ru as an active crypto drainer phishing site currently under investigation by security analysts. The resource presents itself as a VPN service provider while surreptitiously harvesting cryptocurrency wallet credentials and draining digital assets. No specific brand is being impersonated; instead, the threat actor has created a deceptive service page designed to trick users into connecting their wallets under false pretenses.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating limited current detection across major security platforms. The infrastructure is registered through BEGET-RU with domain creation recorded on March 31, 2026. The site resolves to IP address 147.45.44.133 and utilizes a valid Let’s Encrypt SSL certificate to enhance appearance of legitimacy. Trust scores remain low due to its recent emergence and the absence of historical reputation data.

Given its active status and crypto-draining functionality, kod-vpn.ru poses a HIGH risk to users seeking VPN services. PhishDestroy recommends immediate blocking of this domain and IP at the network and endpoint levels. Users are advised to avoid accessing this site and to verify any VPN-related downloads or links through trusted sources. If interaction has already occurred, disconnect wallet connections and transfer funds to a new address if compromise is suspected.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-31 04:45:24
- Registrar: BEGET-RU
- IP: 147.45.44.133

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/kod-vpn.ru
- PhishDestroy: https://phishdestroy.io/domain/kod-vpn.ru/
- LLM endpoint: https://phishdestroy.io/domain/kod-vpn.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kod-vpn.ru/
Last updated: 2026-04-03