# www.distortedtoken.fun — SUSPICIOUS

> Beware of www.distortedtoken.fun impersonating OKX. Low-risk phishing domain now offline. Stay vigilant and avoid suspicious crypto sites.

## Summary
PhishDestroy identifies www.distortedtoken.fun as a phishing domain designed to impersonate the cryptocurrency exchange OKX. Registered recently on March 11, 2026, the domain was likely created to deceive users and harvest sensitive information by mimicking the OKX brand. Despite its low-risk rating, the domain poses potential threats typical of brand impersonation campaigns targeting crypto users.

Technical analysis shows that www.distortedtoken.fun was registered through PDR Ltd. d/b/a PublicDomainRegistry.com. VirusTotal scans report only one detection out of 95 security engines, further supporting its low-threat profile. The domain appeared on one security blocklist, reinforcing suspicion of fraudulent activity but indicating limited exposure or distribution. Such infrastructure points to an opportunistic but not yet widespread phishing effort.

Currently, www.distortedtoken.fun is offline and unavailable, reducing immediate risks. PhishDestroy recommends users remain cautious of any domains mimicking OKX or other crypto platforms, especially newly registered ones with obscure extensions like ".fun." Users should verify URLs carefully and avoid entering credentials on suspicious sites. Network defenders should continue monitoring related domains and threats using the unique seed "2562fe" for threat intelligence correlation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 404)
- Target brand: OKX

## Domain Intelligence
- Registered: 2026-03-11 23:07:01
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- Nameservers: ["amos.ns.cloudflare.com", "maya.ns.cloudflare.com"]

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- PhishDestroy: https://phishdestroy.io/domain/www.distortedtoken.fun/
- LLM endpoint: https://phishdestroy.io/domain/www.distortedtoken.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.distortedtoken.fun/
Last updated: 2026-03-19