# tokenpocket.win — SUSPICIOUS

> tokenpocket.win mimics OKX in a brand impersonation scam, currently undetected by VirusTotal (0/95 scans). Act now to block this fraudulent domain.

## Summary
PhishDestroy identifies tokenpocket.win as a live brand impersonation site masquerading as OKX, a major cryptocurrency exchange. This domain was flagged by security researchers for its deceptive resemblance to the legitimate OKX platform, aiming to trick users into entering sensitive credentials or authorizing malicious wallet connections. The threat is classified as an active brand impersonation attack, leveraging the trust associated with OKX to distribute cryptocurrency drainers or harvest login details for further exploitation.  This domain exhibits multiple red flags across its infrastructure and registration details. Registered through GoDaddy.com, LLC on October 22, 2025, the domain resolves to IP address 188.114.96.3 and currently evades detection with a VirusTotal score of 0 out of 95 antivirus engines. The presence of a Google Trust Services SSL certificate adds a veneer of legitimacy, further deceiving potential victims. These indicators suggest a recently deployed threat actor campaign, likely operating with low visibility to avoid early detection.  Users who have visited tokenpocket.win should immediately revoke any connected wallet permissions, change passwords for OKX and other cryptocurrency accounts, and scan their devices for malware. Avoid interacting with this domain or any links associated with it. Report the domain to your security team or through platforms like VirusTotal to aid in collective threat intelligence. Stay vigilant for similar impersonation attempts targeting OKX or other major crypto platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2025-10-22 03:13:52
- Registrar: GoDaddy.com, LLC
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/de71d9e3-16d0-4c8e-89ed-19da8529b968
- PhishDestroy: https://phishdestroy.io/domain/tokenpocket.win/
- LLM endpoint: https://phishdestroy.io/domain/tokenpocket.win/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tokenpocket.win/
Last updated: 2026-03-22