# www.pepetotoken.xyz — SUSPICIOUS

> PhishDestroy identifies PepeToToken.xyz as a fake OKX drainer site. Registered March 19, 2026 via NICENIC, hosted on 64.29.17.

## Summary

PhishDestroy flagged PepeToToken.xyz as an active brand-impersonation domain targeting OKX users. Registered on March 19, 2026, the domain resolves to IP 64.29.17.65 via NICENIC INTERNATIONAL GROUP CO., LIMITED and is secured with a Let’s Encrypt SSL certificate. No known drainer kit has been catalogued as of this report, but the site is engineered to mimic OKX’s branding to deceive visitors into connecting wallets or entering credentials, thereby enabling fund theft.

This domain carries a risk level of under_investigation and remains undetected by 95 VirusTotal engines as of the latest scan. It is unlisted on Google Safe Browsing and shows no presence on public blocklists. The registration date and hosting provider are consistent with newly created malicious infrastructures designed for short-lived campaigns, often lasting days to weeks before takedown or obsolescence. As of today, the domain remains active and poses a direct threat to cryptocurrency users seeking OKX services.

Users should avoid visiting PepeToToken.xyz and block the domain at the network level. If accidentally accessed, disconnect wallets immediately and revoke any connected permissions. Organizations are advised to monitor for connections to 64.29.17.65 and update threat intelligence feeds accordingly. Remaining risk is moderate due to low detection rates and active hosting, warranting heightened vigilance.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registered: 2026-03-19 00:54:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 64.29.17.65

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e93fdb5a-da7a-4f14-a66c-cb34c8f8e81f
- PhishDestroy: https://phishdestroy.io/domain/www.pepetotoken.xyz/
- LLM endpoint: https://phishdestroy.io/domain/www.pepetotoken.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.pepetotoken.xyz/

Last updated: 2026-03-22