# cybrotoken.pages.dev — SUSPICIOUS > cybrotoken.pages.dev is a brand impersonation site targeting OKX with 0/95 VirusTotal detections. Avoid interaction and report immediately. ## Summary PhishDestroy identifies cybrotoken.pages.dev as a highly suspicious domain engaged in brand impersonation targeting OKX, a major cryptocurrency exchange. This site is designed to deceive users by mimicking OKX’s branding to steal credentials or siphon cryptocurrency assets. The domain leverages a Cloudflare-hosted page on Google Trust Services SSL infrastructure, making it appear legitimate at first glance. Security researchers have flagged this as a potential crypto drainer or credential theft operation, though it currently evades traditional antivirus detection. This domain resolves to IP 188.114.96.3 and operates under Cloudflare, Inc., a common tactic to obscure hosting origins. VirusTotal currently shows 0 detections out of 95 engines, indicating it has not yet been widely blacklisted. The impersonation of OKX, a globally recognized brand, increases the risk of successful deception, particularly among less tech-savvy users. The use of a Pages.dev subdomain (part of Cloudflare’s developer platform) further complicates detection, as such services are often abused for short-lived malicious campaigns. If you visited cybrotoken.pages.dev, cease all interaction with the site immediately. Do not enter any credentials, wallet addresses, or personal information. Disconnect from the site and clear your browser cache. If you provided sensitive data, revoke any exposed API keys or wallet permissions linked to OKX or other platforms. Report the domain to Google Safe Browsing, VirusTotal, and your browser’s security team. Use a reputable ad-blocker or security extension to block future access. Stay vigilant—such domains often evolve to evade detection, so treat this site as untrusted until further notice. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8fbcbabd-87e7-4093-ba1c-a81c897627d3 - PhishDestroy: https://phishdestroy.io/domain/cybrotoken.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/cybrotoken.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cybrotoken.pages.dev/ Last updated: 2026-04-01