# canbetoken.com — SUSPICIOUS

> PhishDestroy flags canbetoken.com as a brand-impersonation site impersonating OKX with 0/95 VirusTotal detections. Review this unsafe domain now.

## Summary
PhishDestroy identifies the domain canbetoken.com as an active brand-impersonation threat impersonating the OKX cryptocurrency exchange brand. Intelligence shows the site is a crypto-draining operation designed to trick visitors into connecting wallets and approving malicious transactions that siphon digital assets. No drainer kit fingerprints or JavaScript payloads have been extracted yet, indicating the threat actor may be field-testing the page or hiding malicious code behind redirects. The infrastructure is minimal and appears early-stage, but the impersonation payload is already live and receiving traffic.


Technical indicators are conclusive: the domain was created on July 27, 2025; VirusTotal currently scores it 0/95 with no antivirus engines flagging the page; the domain resolves to IPv4 address 2.57.91.0 and uses a valid Let’s Encrypt SSL certificate; the registrar is HOSTINGER operations, UAB; Google Safe Browsing has not yet listed the domain; and third-party blocklist checks show zero detections. These metrics place the domain in a low-signature, high-risk window where detection is delayed but the threat remains active.


The domain remains under active investigation and should be considered high-risk until remediation actions are completed. Users attempting to resolve the page should expect block recommendations from DNS filtering services. Immediate actions include blocking the domain at the firewall and endpoint levels, adding the IP 2.57.91.0 to threat intelligence feeds, and distributing an IOC package to CERT partners to expedite global takedown. Remaining risk is assessed as MEDIUM due to the absence of antivirus detection and the likelihood of ongoing impersonation campaigns against OKX customers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2025-07-27 00:32:47
- Registrar: HOSTINGER operations, UAB
- IP: 2.57.91.0

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/91774b1c-2547-4d61-b6fb-51584f9bed61
- PhishDestroy: https://phishdestroy.io/domain/canbetoken.com/
- LLM endpoint: https://phishdestroy.io/domain/canbetoken.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/canbetoken.com/
Last updated: 2026-03-24