# defidappstoken.pages.dev — SUSPICIOUS

> Potential OKX brand impersonation detected on defidappstoken.pages.dev. 2/95 VT detections flag cryptocurrency drainer kit. Check the full report.

## Summary

PhishDestroy identifies defidappstoken.pages.dev as an actively hostile domain leveraging brand impersonation targeting the OKX cryptocurrency exchange. This domain is deployed as a cryptocurrency drainer kit designed to deceive users into connecting their wallets under the guise of legitimate OKX services. The infrastructure is hosted on Cloudflare Pages, enabling rapid deployment and evasion of traditional takedown measures while maintaining plausible deniability through Google Trust Services SSL certificates. This configuration is consistent with modern adversary behaviors where threat actors abuse reputable platforms to deliver high-conviction phishing payloads to cryptocurrency users.

Technical indicators confirm elevated risk exposure: the domain exhibits a VirusTotal detection ratio of 2/95 security vendors, indicating low but meaningful recognition by security controls. It resolves to IP address 188.114.97.3, a Cloudflare edge node frequently abused for phishing and malware delivery. Registered through Cloudflare, Inc., the domain operates under an SSL certificate issued by Google Trust Services, further enhancing its appearance of legitimacy. It has been observed on one active security blocklist and was flagged by ScamSniffer, a leading blockchain threat intelligence platform. While the creation date remains undisclosed due to Cloudflare’s privacy protections, the domain’s operational timeline and evasion tactics suggest recent activation.

As of this advisory, defidappstoken.pages.dev remains active and poses an elevated ongoing threat to users interacting with OKX-branded services. Immediate response actions include updating network blocklists to include this domain and its associated IP, along with flagging the drainer kit for endpoint detection.
Despite mitigation efforts, residual risk persists due to the domain’s reliance on Cloudflare’s resilient infrastructure and the continued evolution of cryptocurrency-focused social engineering campaigns. Users are strongly advised to verify destination URLs through official OKX channels and abstain from interacting with wallet connection prompts delivered via unverified domains or third-party platforms.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["ScamSniffer"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/05cd2c81-f39e-42be-a242-ce6089101386
- PhishDestroy: https://phishdestroy.io/domain/defidappstoken.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/defidappstoken.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/defidappstoken.pages.dev/

Last updated: 2026-03-24