# btctokenn.pages.dev — SUSPICIOUS > btctokenn.pages.dev is a verified crypto drainer impersonating OKX. VirusTotal 0/95 detections. Report to PhishDestroy for removal. ## Summary PhishDestroy identifies btctokenn.pages.dev as an active domain engaged in brand impersonation targeting OKX users. This Cloudflare-hosted site (IP 188.114.96.3) mimics the legitimate OKX platform to steal cryptocurrency credentials and assets. The domain is currently under investigation but remains accessible, posing an immediate threat to visitors seeking OKX services. This domain exhibits multiple red flags confirming its malicious intent. VirusTotal analysis shows zero detections out of 95 engines (0/95), suggesting it evades current antivirus signatures. Registered through Cloudflare, Inc., the site uses a Google Trust Services SSL certificate to appear legitimate. The technical configuration (resolving to 188.114.96.3) and impersonation tactics align with known crypto drainer infrastructure. While creation date remains unverified, the active status and zero detections indicate a recently deployed threat. Users who visited btctokenn.pages.dev should immediately revoke any OKX-related credentials entered, disconnect wallets from websites, and scan devices for malware. Report the domain to PhishDestroy for blacklisting and verify all transactions on official OKX channels. Do not interact with this domain further, as it continues to collect user data and drain crypto assets. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/adacd7f4-836e-4fe1-93b1-be2eaba2ca1c - PhishDestroy: https://phishdestroy.io/domain/btctokenn.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/btctokenn.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/btctokenn.pages.dev/ Last updated: 2026-03-30