# imtoken-zh.vip — SUSPICIOUS

> imtoken-zh.vip hosts an active OKX brand impersonation phishing page with 0/95 VirusTotal detections. Avoid interacting with this crypto drainer.

## Summary

PhishDestroy identifies imtoken-zh.vip as an active threat impersonating the OKX brand to deceive cryptocurrency users. This domain leverages a spoofed page title and SSL certificate to appear legitimate, aiming to trick visitors into connecting wallets or entering credentials.

This domain was flagged with a VirusTotal detection ratio of 0/95, indicating it remains undetected by most antivirus engines as of the latest scan. Technical indicators include registration via Gname.com Pte. Ltd. on March 31, 2026, resolution to IP address 154.89.71.216, and the use of a TrustAsia Technologies, Inc. SSL certificate. The domain’s recent creation and clean VirusTotal score suggest an emerging campaign with low initial detection coverage.

Users who visited imtoken-zh.vip should immediately disconnect any connected wallets, revoke any permissions granted, and scan their devices for malware. Do not enter any credentials or interact further with the site. Report the domain to your security team and block it at the network level. Monitor financial accounts for suspicious transactions and consider rotating API keys or passwords if exposure occurred.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX
- Page title: imtoken-zh.vip

## Domain Intelligence

- Registered: 2026-03-31 09:39:28
- Registrar: Gname.com Pte. Ltd.
- IP: 154.89.71.216

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f4dbac3a-a2aa-49d5-850b-a2e5a0552068
- PhishDestroy: https://phishdestroy.io/domain/imtoken-zh.vip/
- LLM endpoint: https://phishdestroy.io/domain/imtoken-zh.vip/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/imtoken-zh.vip/

Last updated: 2026-04-12