# shop.okxshop.info — SUSPICIOUS

> PhishDestroy flags impersonation of OKX Exchange at shop.okxshop.info; it resolves to 38.190.210.102 and carries a Let's Encrypt SSL.

## Summary
PhishDestroy identifies shop.okxshop.info as an active brand-impostor targeting OKX, the global cryptocurrency exchange. The domain displays a storefront façade indistinguishable from legitimate OKX merchant pages, employing social-engineering to trick visitors into disclosing credentials or cryptocurrency. No drainer kit artifacts were observed in sandbox runs, indicating the threat actor is presently harvesting data rather than auto-transferring assets.  shop.okxshop.info was registered using Namecheap, Inc. and resolves to IPv4 38.190.210.102. VirusTotal reports 0 detections out of 95 engines and the domain is not flagged by Google Safe Browsing. The domain was created within the last 90 days and currently hosts a live OKX-lookalike storefront over HTTPS (Let's Encrypt certificate). Public blocklist aggregators list the domain as unlisted, highlighting its recent emergence.  The site remains active at the time of writing, with continued impersonation of OKX branding and checkout flows. PhishDestroy recommends blocking 38.190.210.102 at the network perimeter and flagging shop.okxshop.info via DNS sinkholing or browser blocklists at enterprise scale. Users should verify merchant domains via official OKX channels before any transaction. Remaining risk is assessed as medium: low AV detectability combined with zero blocklist coverage suggests potential for rapid abuse escalation. Updated IOCs are available via PhishDestroy under seed d20f74.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 38.190.210.102

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/14f124c9-9352-4419-8727-73f6f6bf0446
- PhishDestroy: https://phishdestroy.io/domain/shop.okxshop.info/
- LLM endpoint: https://phishdestroy.io/domain/shop.okxshop.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/shop.okxshop.info/
Last updated: 2026-03-24