# amazontoken.co — SUSPICIOUS > amazontoken.co impersonates OKX crypto exchange to steal credentials. Domain created Nov 24, 2025, hosted at 192.124.249.40. Do not enter login details. ## Summary PhishDestroy identifies amazontoken.co as an active brand-impersonation scam targeting OKX users. This site mimics the official OKX exchange to trick victims into revealing login credentials and enabling fund theft. The domain was registered through GoDaddy.com, LLC on November 24, 2025 and currently resolves to IP address 192.124.249.40. VirusTotal scanning shows zero detections at this time, highlighting the need for rapid public exposure before antivirus signatures catch up. This domain poses a high immediate risk because it directly impersonates a major cryptocurrency exchange. Fake OKX login pages harvest usernames, passwords, and two-factor codes, which attackers then use to drain exchange accounts. The threat is amplified by the domain’s recent creation date—just weeks old—combined with zero VirusTotal detections as of today. Registrar data confirms GoDaddy hosting, and the SSL certificate issued by GoDaddy.com, Inc. adds superficial legitimacy while masking criminal intent. If you visited amazontoken.co, immediately change your OKX password using a different device, enable hardware 2FA, and revoke any connected API keys. Check your account for unauthorized withdrawals or trades. Report the site to OKX via official channels and scan your device with up-to-date antivirus software. Avoid entering any credentials on this domain. Forward suspicious links to OKX’s verified fraud reporting address and warn others in crypto communities to prevent further victimization. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registered: 2025-11-24 12:55:27 - Registrar: GoDaddy.com, LLC - IP: 192.124.249.40 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/71c52693-cce0-4b02-836d-69c5ad64ba2f - PhishDestroy: https://phishdestroy.io/domain/amazontoken.co/ - LLM endpoint: https://phishdestroy.io/domain/amazontoken.co/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/amazontoken.co/ Last updated: 2026-03-30