# claim-blockdagtoken.pages.dev — SUSPICIOUS

> claim-blockdagtoken.pages.dev impersonates OKX to steal credentials; resolves to IP 172.66.44.103 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies claim-blockdagtoken.pages.dev as an active brand-impersonation domain targeting OKX users. The site masquerades as the legitimate OKX platform to harvest login credentials and personal data, presenting a clear account-takeover risk. At the time of analysis, VirusTotal shows 0 detections out of 95 engines, indicating it remains under the radar despite its malicious intent. The domain resolves to IP 172.66.44.103 and is registered through Cloudflare, Inc., leveraging Google Trust Services for an SSL certificate to appear legitimate.  

Technical indicators confirm this domain is newly active and lightly documented. VirusTotal’s 0/95 detections suggest a low AV coverage, while the Cloudflare registration and Google Trust SSL certificate are commonly abused by threat actors to create a false sense of security. The domain is hosted on Cloudflare Pages, a platform often exploited for rapid deployment of spoofed brand pages. The absence of blocklist entries and low threat intelligence suggest this campaign may be in early stages or narrowly targeted, increasing the risk of successful deception among unsuspecting users.  

To mitigate risk, users should avoid interacting with claim-blockdagtoken.pages.dev entirely. Always verify URLs via official OKX channels and bookmark the correct login page. Enable multi-factor authentication on OKX accounts to reduce impact if credentials are compromised. Report suspicious domains to security teams and use reputable browser extensions or DNS filtering services that can detect emerging impersonation campaigns. If credentials were entered, change passwords immediately and monitor for unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.103

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/claim-blockdagtoken.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/claim-blockdagtoken.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/claim-blockdagtoken.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/claim-blockdagtoken.pages.dev/
Last updated: 2026-04-05