# btcetftokenclaim.pages.dev — SUSPICIOUS > PhishDestroy identifies btcetftokenclaim.pages.dev as a brand impersonation crypto drainer mimicking OKX. VirusTotal shows 0/95 detections as of latest scan. ## Summary PhishDestroy identifies the domain btcetftokenclaim.pages.dev as an active brand impersonation scam targeting OKX cryptocurrency exchange users. The page, hosted on Cloudflare Pages, is designed to deceive victims into connecting their wallets under the guise of an OKX-branded ETF token claim interface. Unlike traditional phishing that harvests credentials, this campaign leverages a crypto drainer kit—malicious scripts that automatically execute token transfers upon wallet connection without requiring additional authorization steps. This domain resolves to IP address 172.66.47.120 and is registered through Cloudflare, Inc., utilizing Google Trust Services for SSL certification. As of the most recent scan, VirusTotal reports 0 detections out of 95 security engines, indicating this threat has not yet been widely flagged by automated systems. While the domain was recently created and has not accumulated significant blocklist presence, the absence of detections suggests it remains under the radar of major threat intelligence platforms. Google Safe Browsing (GSB) status is currently unflagged, further contributing to its stealth profile. The campaign is assessed as ACTIVE and under ongoing investigation by multiple threat intelligence teams. Users are strongly advised to avoid interacting with this domain or any associated links claiming to offer OKX ETF token distributions. Immediate response actions include blocking the domain at DNS and network levels, reporting the URL to Google Safe Browsing and domain registrars, and warning OKX users through official communication channels. Remaining risk is evaluated as HIGH due to the drainer’s operational nature, ease of domain generation, and lack of current detection coverage. Users should verify all cryptocurrency-related claims directly through official OKX platforms before taking any action involving digital assets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.120 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a6a042d6-c33d-4d8d-b203-1b893f0b2b57 - PhishDestroy: https://phishdestroy.io/domain/btcetftokenclaim.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/btcetftokenclaim.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/btcetftokenclaim.pages.dev/ Last updated: 2026-03-26