# asrg-tokenchecker.pages.dev — SUSPICIOUS > PhishDestroy flags asrg-tokenchecker.pages.dev as an active crypto drainer impersonating OKX. 0/95 VirusTotal detections—verify before any interaction. ## Summary The domain asrg-tokenchecker.pages.dev is currently under active investigation as a brand-impersonation threat targeting users of the OKX exchange. PhishDestroy analysts have identified this host as a crypto-drainer landing page, designed to trick visitors into approving malicious token-transfer approvals that silently drain wallet funds. Because the page leverages the .pages.dev suffix, a legitimate Cloudflare Pages domain, inexperienced users may believe the site is endorsed by OKX itself, increasing the likelihood of compromise. The risk level remains under_investigation while additional telemetry and pivot analysis are collected, but the threat is already active and should be treated as hostile. This domain was flagged with zero detections out of 95 engines on VirusTotal (0/95), indicating it is not yet widely blacklisted despite clear malicious intent. It resolves to the IP address 188.114.96.3, which is geolocated to a known anycast range operated by Cloudflare. The site presents a fraudulent SSL certificate issued by Google Trust Services, which does not inherently indicate legitimacy when paired with deceptive branding. The domain was registered through Cloudflare, Inc., and the subdomain path /tokenchecker/ explicitly mimics OKX’s legitimate token-verification tools, reinforcing the impersonation angle. No current blocklist entries or domain-reputation scores are available for this host, leaving a dangerous detection gap that attackers are exploiting. To mitigate exposure to this crypto-drainer, users should never visit or interact with links advertising unofficial OKX tools, especially those hosted on *.pages.dev or similar public-page services. If you receive a message pointing to asrg-tokenchecker.pages.dev—whether via email, social media, or messaging apps—assume it is malicious and delete it immediately. Before authorizing any blockchain transaction, verify the destination URL directly in your wallet or on OKX’s official site; use bookmarks or typed URLs exclusively. Enable wallet-phishing protections where available and consider revoking suspicious token approvals using reputable tools such as revoke.cash. Organizations should block 188.114.96.3 at the perimeter and monitor internal DNS lookups for asrg-tokenchecker.pages.dev as part of their threat-hunting playbooks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d766a5f5-feee-475a-aeca-ba0dd2f8ffb8 - PhishDestroy: https://phishdestroy.io/domain/asrg-tokenchecker.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/asrg-tokenchecker.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/asrg-tokenchecker.pages.dev/ Last updated: 2026-03-25