# tokenctf.info — SUSPICIOUS

> PhishDestroy identifies tokenctf.info impersonating OKX exchange to steal credentials. Domain registered March 27, 2026, hosted on 188.114.97.

## Summary

PhishDestroy identifies tokenctf.info as an active brand impersonation phishing domain targeting OKX cryptocurrency exchange users. This domain replicates the visual identity of OKX to deceive visitors into entering login credentials or sensitive financial information. Threat actors leverage this fraudulent site to harvest user credentials and facilitate unauthorized account access, with the ultimate goal of cryptocurrency theft.

Technical analysis confirms the domain was registered on March 27, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 188.114.97.3. The domain utilizes a Let's Encrypt SSL certificate to appear legitimate, while current VirusTotal scanning shows 0 detections out of 95 engines, indicating a newly active and undetected threat.

This domain poses a high risk due to its active status, low detection rate, and direct impersonation of a major cryptocurrency exchange platform. The domain's recent creation date (March 27, 2026) suggests a rapidly deployed campaign likely targeting current events or market activity. The hosting infrastructure (188.114.97.3) and registrar (NICENIC INTERNATIONAL GROUP CO., LIMITED) provide additional technical indicators for network defenders and users to block or avoid. The complete lack of detections on VirusTotal indicates this campaign has not yet been widely recognized by security vendors, increasing the likelihood of successful user compromise.

Users who have visited tokenctf.info should immediately check their OKX accounts for any unauthorized login attempts or transactions. If credentials were entered, change passwords immediately using a different device and enable two-factor authentication. Report the incident to OKX support and consider revoking any API keys or permissions granted to this fraudulent domain. Scan all connected devices for malware and avoid clicking any links received via email or social media that reference this domain. Block the domain at the network level and report it to your organization's security team and relevant authorities such as CERT or local cybercrime units. Exercise extreme caution with any communication claiming to be from OKX, especially those providing links or urging immediate action.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registered: 2026-03-27 16:36:36
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e4595657-e3cb-441d-8cc0-f59d38ea2090
- PhishDestroy: https://phishdestroy.io/domain/tokenctf.info/
- LLM endpoint: https://phishdestroy.io/domain/tokenctf.info/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tokenctf.info/

Last updated: 2026-03-31