# ouyi.dance — SUSPICIOUS

> ouyi.dance hosts a generic phishing page flagged for credential theft with 0/95 VirusTotal detections. Verify before engagement.

## Summary
PhishDestroy identifies ouyi.dance as an ACTIVE generic phishing domain currently under investigation for credential theft activities. This domain resolves to IP 54.215.31.113 and utilizes a Let’s Encrypt SSL certificate to appear legitimate. With zero detections across 95 VirusTotal engines and registered via Dynadot Inc on October 2, 2025, active monitoring remains critical as the threat surface continues to evolve with minimal immediate detection coverage.  This domain was registered on October 2, 2025, indicating a recent emergence aligned with opportunistic phishing campaigns. The use of a reputable registrar (Dynadot) and valid SSL certification reflects common tactics to bypass user suspicion and browser warnings. Despite the absence of current AV signatures (0/95 on VirusTotal), behavioral patterns and domain age suggest a high likelihood of imminent malicious use, particularly in impersonation or data harvesting operations.  Users who accessed ouyi.dance are advised to immediately change any entered credentials, scan local devices for malware, and review financial accounts for unauthorized activity. Avoid visiting the domain entirely. Report the domain to your security team or through platforms like PhishDestroy to aid in collective defense. Always verify URLs via trusted sources and use password managers or two-factor authentication to mitigate credential theft risks. Monitor network traffic and endpoints for anomalous connections associated with this IP.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-10-02 15:15:18
- Registrar: Dynadot Inc
- IP: 54.215.31.113

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1fee19f3-b02f-47db-85d4-1b80d142bd06
- PhishDestroy: https://phishdestroy.io/domain/ouyi.dance/
- LLM endpoint: https://phishdestroy.io/domain/ouyi.dance/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ouyi.dance/
Last updated: 2026-03-31