# kouyiocri.ru — SUSPICIOUS > kouyiocri.ru is a crypto drainer site. Flagged by 4 of 95 VirusTotal vendors, it impersonates cryptocurrency brands. Verify safety on PhishDestroy. ## Summary PhishDestroy identifies kouyiocri.ru as an active crypto drainer domain. This recently registered malicious site poses an elevated risk to cryptocurrency users by attempting to deceive victims into connecting wallets or transferring funds. The domain was flagged by 4 of 95 VirusTotal security vendors, demonstrating early detection of its malicious nature. Registered through R01-RU on March 28, 2026, the domain resolves to IP address 103.136.43.130 and operates with a valid Let's Encrypt SSL certificate, which threat actors often use to appear legitimate. With only 4 detections on VirusTotal and no additional blocklist data available, this domain remains under the radar while actively propagating. This domain is currently active and represents a concrete threat to cryptocurrency users. Users are strongly advised to avoid interacting with kouyiocri.ru and verify any related URLs or claims using PhishDestroy’s real-time safety lookup. Security teams should consider blocking the domain and IP address 103.136.43.130 at the network level. Always inspect SSL certificates for anomalies and cross-reference domains with established threat intelligence feeds. For further protection, enable wallet connection warnings and use hardware wallets for high-value transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-28 21:51:41 - Registrar: R01-RU - IP: 103.136.43.130 ## Detection Status - VirusTotal: 4 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/kouyiocri.ru - PhishDestroy: https://phishdestroy.io/domain/kouyiocri.ru/ - LLM endpoint: https://phishdestroy.io/domain/kouyiocri.ru/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kouyiocri.ru/ Last updated: 2026-04-08