# aliabdaaltoken.lol — SUSPICIOUS > Domain aliabdaaltoken.lol impersonates OKX to steal credentials. Registered April 04, 2026, it resolves to 188.114.96.3 with 0/95 VirusTotal detections yet. ## Summary PhishDestroy identifies aliabdaaltoken.lol as an active OKX brand impersonation domain designed to harvest user credentials and financial data through counterfeit login pages. The domain is currently live and leverages visual similarities to OKX’s branding to deceive visitors into entering sensitive information. Security teams have not yet widely flagged this domain, though its infrastructure (including a Let’s Encrypt SSL certificate and hosting on Cloudflare IP range) suggests an operational campaign aimed at cryptocurrency users. This domain was flagged through automated monitoring and confirmed via DNS and certificate analysis. According to available telemetry, aliabdaaltoken.lol was registered on April 04, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to the IP address 188.114.96.3. Notably, only 0 out of 95 VirusTotal scanners currently detect malicious content — indicating low detection coverage and a potential blind spot in passive defenses. The domain uses a spoofed SSL certificate issued by Let’s Encisc, matching OKX’s legitimate certificate authority to build trust, while the rapid domain age and registrar choice are common in short-lived phishing operations. If you visited aliabdaaltoken.lol, immediately stop entering any credentials or personal information. Disconnect from the network to prevent potential data exfiltration and scan your device for unauthorized access or malware. Change your OKX account password using only the official website or mobile app—never via links from emails or ads. Report the domain to OKX security and your organization’s SOC if applicable.clerc ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registered: 2026-04-04 16:39:49 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/aliabdaaltoken.lol - PhishDestroy: https://phishdestroy.io/domain/aliabdaaltoken.lol/ - LLM endpoint: https://phishdestroy.io/domain/aliabdaaltoken.lol/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/aliabdaaltoken.lol/ Last updated: 2026-04-05