# tokenpocket.mom — MALICIOUS

> PhishDestroy flags tokenpocket.mom as a crypto drainer mimicking OKX. This domain resolved to IP 144.31.11.214 with a 17/95 VirusTotal detection rate.

## Summary
PhishDestroy identifies tokenpocket.mom as an active crypto drainer domain engaged in brand impersonation of OKX, a global cryptocurrency exchange. The domain was specifically configured to mimic OKX’s branding, likely to deceive users into connecting crypto wallets under the pretense of token swaps or liquidity mining. While no drainer kit artifacts are publicly visible, the operational intent aligns with known JavaScript-based crypto drainers that execute unauthorized token transfers upon wallet connection. The site uses a Let’s Encrypt SSL certificate, which is common among both legitimate and malicious sites, but offers no assurance of safety given the impersonation context and high detection rate.  This domain was flagged by 17 out of 95 VirusTotal security vendors and is currently resolving to IP address 144.31.11.214. It was registered on January 27, 2026 through Hongkong Kouming International Limited. The domain has not been flagged by Google Safe Browsing (GSB) as of the latest analysis, but it has accumulated multiple blocklist entries across threat intelligence feeds. The creation date is unusually recent for a domain with such activity, suggesting opportunistic registration timed with market events or user behavior patterns.  As of the latest assessment, tokenpocket.mom remains active and presents an elevated risk due to its active impersonation of OKX and crypto wallet draining capabilities. Users should avoid interacting with this domain entirely. PhishDestroy recommends immediate blocking at the network and endpoint level. While the immediate danger can be mitigated through blacklisting and user awareness, the domain’s recent creation and high detection rate indicate it may remain operational for some time. Users are urged to verify any cryptocurrency-related domain through a trusted source before engagement.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2026-01-27 09:15:30
- Registrar: Hongkong Kouming International Limited
- IP: 144.31.11.214

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/98d66cff-8ca5-460e-bf01-58940a2a62a5
- PhishDestroy: https://phishdestroy.io/domain/tokenpocket.mom/
- LLM endpoint: https://phishdestroy.io/domain/tokenpocket.mom/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tokenpocket.mom/
Last updated: 2026-03-29