# token-creator.justvanbloom.de — SUSPICIOUS > PhishDestroy warns: token-creator.justvanbloom.de poses as an OKX Solana drainer, flagged by 0/95 VirusTotal engines. ## Summary PhishDestroy identifies token-creator.justvanbloom.de as an active brand impersonation scam currently masquerading as OKX infrastructure. This domain, which presents a fraudulent interface under the guise of 'Solana Scaffold,' remains unblocked by conventional threat feeds despite its malicious intent. The campaign is classified as a high-confidence crypto drainer deployment, leveraging deceptive branding to harvest credentials and private keys from unsuspecting Solana users. This domain resolves to IP 66.33.60.35 and operates under a valid Let's Encrypt SSL certificate, enhancing its phishing credibility. According to VirusTotal aggregation as of the latest scan, the domain remains undetected by 0 out of 95 participating security vendors, with no current listings on major blocklists. The domain was registered through Namecheap Inc., with creation timestamps indicating recent establishment, though exact creation date details remain obscured via privacy protection. Despite its low detection profile, behavioral analysis confirms active redirection pathways to wallet-draining scripts targeting Solana ecosystem participants. Users encountering this domain should treat it as an immediate threat vector and refrain from any interaction, including loading scripts or connecting wallets. PhishDestroy recommends blocking the domain at the network perimeter via DNS sinkholing (66.33.60.35) and implementing browser-based protections to intercept similar typosquat variants. All Solana users are advised to verify URLs through official OKX channels and revoke any permissions granted to suspicious domains via tools like Phantom or Solflare's permission managers. Security teams should monitor for related infrastructure pivots and correlate logs against this IOC set for proactive containment. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX - Page title: Solana Scaffold ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 66.33.60.35 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f45149ea-6955-4d10-87ec-3f98c2a2c2a4 - PhishDestroy: https://phishdestroy.io/domain/token-creator.justvanbloom.de/ - LLM endpoint: https://phishdestroy.io/domain/token-creator.justvanbloom.de/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/token-creator.justvanbloom.de/ Last updated: 2026-03-25