# token.apple.insms.chat — SUSPICIOUS

> Domain token.apple.insms.chat impersonates OKX exchange with 0/95 VirusTotal detections. Investigate this active brand impersonation threat now.

## Summary

PhishDestroy identifies token.apple.insms.chat as an active brand impersonation domain targeting OKX users through fraudulent token-related lures. This domain employs sophisticated social engineering tactics, mimicking Apple’s SMS notification infrastructure while promoting fake OKX token offers. No drainer kit artifacts were detected during initial triage, but the page structure suggests typical phishing workflows including fake wallet connection prompts. Investigators note the domain’s Apple-themed subdomains as a deliberate attempt to bypass user scrutiny.

Technical analysis reveals the page resolves to IP 104.21.71.98 and currently exhibits 0 detections across 95 VirusTotal scanners. The domain was registered through Cloudflare, Inc. with an SSL certificate issued by Google Trust Services, adding a veneer of legitimacy. Creation occurred recently with no available historical data suggesting opportunistic registration. While the domain remains unflagged by Google Safe Browsing, third-party threat intelligence shows zero blocklist detections. The combination of fresh registration, minimal detection coverage, and brand impersonation indicates active but low-sophistication threat activity.

This domain remains ACTIVE with risk assessment still under investigation. Security teams should block 104.21.71.98 at the network perimeter and investigate DNS queries for token.apple.insms.chat. Users are advised to verify all OKX communications through official channels and avoid interacting with SMS links claiming to originate from Apple or OKX. The current risk posture could escalate if this campaign gains traction, with potential for credential harvesting or cryptocurrency theft.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.21.71.98

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/token.apple.insms.chat
- PhishDestroy: https://phishdestroy.io/domain/token.apple.insms.chat/
- LLM endpoint: https://phishdestroy.io/domain/token.apple.insms.chat/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/token.apple.insms.chat/

Last updated: 2026-04-06