# cybepshoke.com — SUSPICIOUS

> cybepshoke.com is a brand impersonation site mimicking OKX, flagged by 0 of 95 VirusTotal vendors. This domain was registered post-march 2025 and hosts.

## Summary
PhishDestroy identifies cybepshoke.com as an active brand impersonation domain targeting OKX users. The domain is currently under investigation and remains unresolved at time of writing. Threat actors are leveraging misspelled variations of the legitimate OKX crypto exchange to deceive visitors and harvest credentials or drain wallets.

Technical analysis of cybepshoke.com reveals a newly registered domain created on March 27, 2025, resolving to IP address 104.21.71.18. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and secured with a Google Trust Services SSL certificate. VirusTotal currently shows zero detections out of 95 scanning vendors, indicating low detection coverage despite overt impersonation of a major financial platform. No current blocklist entries were identified at time of analysis.

Until this domain is flagged by security vendors and neutralized, PhishDestroy strongly advises against visiting cybepshoke.com or clicking any embedded links. Users who may have interacted with this domain are urged to revoke any granted permissions, rotate API keys, and report the domain via official OKX phishing channels. Organizations are recommended to deploy updated blocklists and monitor for network egress to the associated IP to prevent potential data exfiltration or wallet drainer activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2025-03-27 13:53:07
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.71.18

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/55e7916e-a5f7-4544-a5c5-575ebc8c90ba
- PhishDestroy: https://phishdestroy.io/domain/cybepshoke.com/
- LLM endpoint: https://phishdestroy.io/domain/cybepshoke.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cybepshoke.com/
Last updated: 2026-03-27