# revoke.world — MALICIOUS

> revoke.world impersonates OKX in a brand impersonation crypto drainer attack, flagged by 5 of 95 VirusTotal vendors. Avoid this domain immediately.

## Summary

PhishDestroy identifies revoke.world as an active brand impersonation domain currently masquerading as OKX, a major cryptocurrency exchange platform. This domain is being used in targeted deception campaigns aimed at stealing user credentials and digital assets through fraudulent withdrawal or authentication prompts. The site is currently operational and poses an elevated threat to unsuspecting visitors, particularly those in the crypto community who may be expecting legitimate communication from OKX.

This domain was flagged by 5 of 95 VirusTotal security vendors, indicating partial but concerning detection coverage. It resolves to IP address 104.21.67.15 and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. The SSL certificate is issued by Google Trust Services, which may give a false sense of legitimacy. The domain was created on December 11, 2025, suggesting it is a very recent and likely opportunistic threat designed to exploit brand recognition during a sensitive time window.

Given the elevated risk posed by brand impersonation and the potential for credential theft or crypto asset drainers, PhishDestroy strongly recommends that users immediately block revoke.world on all devices and networks. Avoid clicking any links or entering credentials on this domain. Users should verify any OKX-related communications through official channels only. Organizations are advised to update firewall rules, DNS blacklists, and endpoint protection systems to include this domain and associated IP. Continuous monitoring for similar newly registered domains mimicking OKX is strongly encouraged.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registered: 2025-12-11 23:18:09
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.67.15

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/revoke.world
- PhishDestroy: https://phishdestroy.io/domain/revoke.world/
- LLM endpoint: https://phishdestroy.io/domain/revoke.world/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/revoke.world/
Last updated: 2026-04-09