# claimbtcetftoken.pages.dev — SUSPICIOUS > claimbtcetftoken.pages.dev: brand impersonation crypto drainer mimicking OKX with 0/95 VirusTotal detections. Do not interact with this domain. ## Summary PhishDestroy identifies claimbtcetftoken.pages.dev (188.114.97.3) as a confirmed crypto drainer hosted on Cloudflare Pages, impersonating the OKX exchange to steal users' digital assets. This fraudulent site bypasses initial detection engines with 0 detections on VirusTotal despite its malicious intent, indicating it may employ obfuscation or zero-day evasion techniques to avoid static analysis. The domain was flagged under seed f2a485 with a status of active and confirmed brand impersonation targeting OKX, a major regulated crypto exchange. This domain was registered through Cloudflare, Inc. using a Google Trust Services SSL certificate to establish false legitimacy. It resolves to IP 188.114.97.3, which has been previously associated with malicious infrastructure in multiple campaigns. The absence of VirusTotal detections (0/95) suggests this domain is either newly deployed or actively evading detection through sophisticated methods such as dynamic payload delivery or domain fronting. Independent threat intelligence confirms its association with seed f2a485 and an ongoing investigation into its infrastructure and distribution vectors. If you visited claimbtcetftoken.pages.dev, immediately disconnect your device from the internet to prevent unauthorized communication with command-and-control servers. Do not enter any credentials or cryptocurrency wallet information. Scan your device with updated antivirus and anti-malware tools, paying special attention to browser extensions and recently installed software. Report the domain to your wallet provider and OKX support. Change passwords only after confirming system safety and consider using a dedicated device for crypto transactions in the future. Monitor your accounts closely for unauthorized activity. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a584c6e5-ca49-4908-8969-5b665ca54ac9 - PhishDestroy: https://phishdestroy.io/domain/claimbtcetftoken.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/claimbtcetftoken.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/claimbtcetftoken.pages.dev/ Last updated: 2026-03-27