# www.imtokensov.com — SUSPICIOUS

> imtokensov.com impersonates OKX as a crypto drainer drainer with 0/95 VirusTotal detections. Avoid this site immediately.

## Summary
PhishDestroy identifies imtokensov.com as an active brand-impersonation domain posing as OKX, deploying a suspected crypto-drain attack to steal user funds. The domain was flagged under seed 4ba696 and remains under investigation by threat intelligence teams due to its high-risk targeting of digital-asset users. This campaign shows clear intent to mimic a trusted exchange interface and intercept private keys or transaction approvals.  This domain was registered through Gname.com Pte. Ltd. on September 02, 2025 and resolves to IP address 45.205.7.2. VirusTotal currently shows 0 detections out of 95 scanners, indicating it has not yet been widely blacklisted despite clear malicious indicators. The site uses a valid Let’s Encrypt SSL certificate, increasing its credibility to unsuspecting users. The domain name closely mimics the legitimate OKX wallet brand, leveraging typo similarity and brand trust to deceive visitors.  To mitigate exposure, users should immediately block access to imtokensov.com at the network level and avoid any interaction with wallet-related prompts on this domain. Verify all cryptocurrency-related domains against official OKX channels and enable hardware wallet confirmation for all transactions. Report this domain to your security team and update threat intelligence feeds to prevent further propagation. Do not enter private keys, seed phrases, or wallet passwords on any site accessed via imtokensov.com.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registered: 2025-09-02 06:28:17
- Registrar: Gname.com Pte. Ltd.
- IP: 45.205.7.2

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/17591c5b-d789-41f3-887c-48c4e7d6f15a
- PhishDestroy: https://phishdestroy.io/domain/www.imtokensov.com/
- LLM endpoint: https://phishdestroy.io/domain/www.imtokensov.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.imtokensov.com/
Last updated: 2026-03-25