# okin.vip — SUSPICIOUS

> okin.vip is currently hosting a fake giveaway scam detected by Google Safe Browsing. Visit our full report for detailed safety guidance on this social.

## Summary
PhishDestroy identifies okin.vip as an active domain involved in a fake giveaway or reward scam, currently under investigation but flagged as high-risk due to its social engineering nature. Google Safe Browsing has already classified this domain under SOCIAL_ENGINEERING, indicating active efforts to deceive users into engaging with fraudulent prize offers or survey scams. The domain was registered on August 26, 2025, through Gname.com Pte. Ltd., a registrar known for accommodating high-risk domains. VirusTotal scans show 0 detections out of 95 engines, suggesting it has yet to be widely flagged despite its malicious activity. Resolving to IP 195.130.202.164, the domain has already been blocked by InversionDNS and appears on one security blocklist, though its SSL certificate from Let’s Encrypt may temporarily mislead users into believing it is trustworthy.  This domain exhibits multiple red flags indicative of a coordinated phishing campaign. Its recent creation date (August 26, 2025) suggests opportunistic registration aligned with impending events or trends to maximize victim engagement. The complete absence of detections on VirusTotal is not uncommon for newly deployed phishing domains, as threat intelligence feeds often require time to propagate updates. The involvement of Gname.com Pte. Ltd. as the registrar raises additional concerns, as this provider has been associated with numerous fraudulent domains in the past. The IP address 195.130.202.164 is linked to hosting infrastructure frequently abused for phishing and malware distribution, further compounding the risk profile of okin.vip. Despite the lack of widespread detection, its classification under Google Safe Browsing’s SOCIAL_ENGINEERING category confirms its malicious intent to manipulate users through deceptive prize claims or fake reward notifications.  To mitigate exposure to this threat, users should avoid interacting with okin.vip entirely and report the domain to their email providers or browsers if encountered in phishing emails or messages. Organizations should consider blocking the domain at the DNS level using real-time threat intelligence feeds and updating firewall rules to prevent outbound connections to 195.130.202.164. Additionally, users should enable browser-based phishing protections, such as Google Safe Browsing or equivalent services, to receive immediate warnings about malicious domains. If any personal information was entered on this site, users must assume it has been compromised and immediately change passwords, monitor financial accounts, and consider freezing credit reports to prevent identity theft. Proactive sharing of this intelligence within threat-sharing communities can help prevent further propagation of this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-26 04:43:49
- Registrar: Gname.com Pte. Ltd.
- IP: 195.130.202.164

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2e6c3333-1cd9-4666-ad85-cb93b07a6a5a
- PhishDestroy: https://phishdestroy.io/domain/okin.vip/
- LLM endpoint: https://phishdestroy.io/domain/okin.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okin.vip/
Last updated: 2026-03-28