# cybelshoke.com — MALICIOUS

> PhishDestroy identifies cybelshoke.com as an elevated-risk OKX brand impersonation. This domain, created March 27, 2025, is flagged by 6 of 95 VirusTotal security vendors.

## Summary

PhishDestroy identifies cybelshoke.com as an active OKX brand impersonation domain hosting a cryptocurrency drainer kit. The site leverages visual assets and terminology indistinguishable from legitimate OKX support channels to dupe users into connecting wallets and approving malicious token transfers. Domain registration coincided with a recent uptick in fake exchange support campaigns, suggesting coordinated opportunistic fraud rather than a lone actor.

This domain was flagged by 6 of 95 VirusTotal security vendors and currently exhibits the following technical indicators: registration dated March 27, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 188.114.97.3 and secured via a Google Trust Services SSL certificate. Six other reputable databases already list the domain; cumulative blocklist coverage now totals 6/8. Authorities have not yet remediated the domain; it remains live and accessible.

Users should immediately block 188.114.97.3 at the firewall and browser policy levels, cease any interaction with cybelshoke.com, and verify all future OKX support queries against the exchange's official domain list. Persistent elevated risk warrants heightened monitoring for downstream wallet compromise and fraud campaign propagation.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registered: 2025-03-27 13:37:35
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/59c45342-05f7-4558-8e39-2c34e222f7b1
- PhishDestroy: https://phishdestroy.io/domain/cybelshoke.com/
- LLM endpoint: https://phishdestroy.io/domain/cybelshoke.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cybelshoke.com/

Last updated: 2026-03-27