# otcjdtoken.vip — SUSPICIOUS

> otcjdtoken.vip impersonates OKX in fake token scam. Google Safe Browsing flags social engineering. Check the full report.

## Summary
PhishDestroy identifies otcjdtoken.vip as an active brand impersonation domain targeting OKX users in a cryptocurrency token scam. This domain is currently under investigation but poses immediate risk due to its active status and impersonation tactics aimed at deceiving cryptocurrency investors seeking legitimate OKX trading opportunities.


This domain was flagged with a social engineering warning by Google Safe Browsing and remains undetected on VirusTotal with 0/95 security engines flagging it. Registered on June 09, 2025, through Gname.com Pte. Ltd., it resolves to IP 104.21.57.81 and is secured with a Google Trust Services SSL certificate. The domain appears on one security blocklist and is actively blocked by InversionDNS, indicating early-stage but recognized malicious activity. Despite low detection rates, its combination of fresh registration, targeted impersonation, and active blocking suggests evolving threat activity.


To mitigate exposure to this scam, avoid interacting with otcjdtoken.vip or any unsolicited links claiming OKX token sales. Verify all OKX communications through official channels and enable multi-factor authentication on accounts. Report suspicious domains to phishing response teams and monitor for unexpected cryptocurrency wallet prompts. Infrastructure indicators include the domain, IP 104.21.57.81, and the specific SSL issuer, which should be blocked at network level to prevent further access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2025-06-09 02:03:03
- Registrar: Gname.com Pte. Ltd.
- IP: 104.21.57.81

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6b2a134c-eaea-4921-86f3-59d46a625352
- PhishDestroy: https://phishdestroy.io/domain/otcjdtoken.vip/
- LLM endpoint: https://phishdestroy.io/domain/otcjdtoken.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/otcjdtoken.vip/
Last updated: 2026-03-31