# claim-assets-token-xyo.pages.dev — SUSPICIOUS > PhishDestroy identifies claim-assets-token-xyo.pages.dev as a crypto drainer impersonating OKX exchange. Flagged by 0 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies that claim-assets-token-xyo.pages.dev is an active domain engaged in brand impersonation targeting the OKX cryptocurrency exchange. This domain is currently under investigation as a potential threat vector for financial fraud, specifically designed to deceive users into surrendering sensitive credentials or transferring digital assets under false pretenses. The site operates under the guise of an official OKX asset claim portal, exploiting the trust associated with the OKX brand to manipulate victims. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a low initial detection rate despite its malicious intent. The domain is registered through Cloudflare, Inc., and resolves to IP address 172.66.47.84. While the SSL certificate is issued by Google Trust Services, this alone does not guarantee legitimacy. The domain's unique seed identifier, ec7f21, correlates with a pattern of crypto drainer infrastructure observed in similar campaigns. The absence of detections on VirusTotal suggests a stealthy deployment, likely intended to evade early-stage detection mechanisms. Users and organizations are advised to exercise extreme caution when encountering this domain or any associated URLs. As of the latest assessment, the status of claim-assets-token-xyo.pages.dev remains active, with no confirmed takedown or remediation at this time. Given the domain's specific targeting of OKX users and its potential to facilitate credential theft or crypto drainer activity, immediate action is recommended. Users should avoid interacting with this domain and report it to relevant authorities or security platforms. Security teams should consider blocking the domain at the network level and updating threat intelligence feeds to include this indicator. Additionally, users should verify the authenticity of any OKX-related communications through official channels and enable multi-factor authentication (MFA) to mitigate the risk of account compromise. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.84 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/claim-assets-token-xyo.pages.dev - PhishDestroy: https://phishdestroy.io/domain/claim-assets-token-xyo.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/claim-assets-token-xyo.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/claim-assets-token-xyo.pages.dev/ Last updated: 2026-04-03