# gmt-tokens-web.pages.dev — SUSPICIOUS

> PhishDestroy identifies gmt-tokens-web.pages.dev as an OKX brand impersonation with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies gmt-tokens-web.pages.dev as a deceptive site claiming to offer GMT tokens under the OKX brand. Instead of the real OKX exchange, this page attempts to trick visitors into connecting crypto wallets or handing over login credentials by promising non-existent giveaways or token sales. The site mimics official OKX branding, including logos and styling, to appear legitimate at first glance.  

This domain was flagged by PhishDestroy as active brand impersonation targeting OKX users. It resolves to IP 188.114.96.3 and is served via Cloudflare with a Google Trust Services SSL certificate. The site currently shows 0 detections out of 95 engines on VirusTotal, indicating it is not yet widely recognized by automated security tools. It was registered through Cloudflare, Inc., leveraging the provider’s fast-flux infrastructure to remain operational while evading detection.  

If you visited gmt-tokens-web.pages.dev, do not connect any wallets or enter any credentials. Close the tab immediately and clear your browser cache. If you already entered sensitive information, revoke wallet connections using your wallet provider’s app and change your OKX account password from an official OKX login page. Report the site to Cloudflare via their abuse form and scan your device with updated antivirus software. Always verify token offers by visiting the real OKX website directly—never via links from social media or third-party domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/gmt-tokens-web.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/gmt-tokens-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/gmt-tokens-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gmt-tokens-web.pages.dev/
Last updated: 2026-04-04