# goompytokencollector.pages.dev — SUSPICIOUS

> goompytokencollector.pages.dev actively impersonates OKX in a crypto drainer scheme. Only 0 of 95 VirusTotal engines flagged it so far.

## Summary
PhishDestroy identifies the domain goompytokencollector.pages.dev as an active brand impersonation threat targeting OKX users. Security analysts report the site is currently operational and under investigation for distributing a crypto drainer disguised as an OKX token collector.  This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scans, indicating it has yet to be widely recognized by detection engines despite its malicious intent. The domain was registered through Cloudflare, Inc., resolves to IP address 172.66.44.76, and operates under a Google Trust Services SSL certificate, which may contribute to initial credibility.  While the threat remains active, immediate action is recommended. Users should avoid interacting with goompytokencollector.pages.dev and ensure their security tools are updated. Organizations are advised to block the domain at the network level and report its indicators to threat intelligence platforms for broader defense.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.76

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/78025231-df0c-468a-b478-af89000a0018
- PhishDestroy: https://phishdestroy.io/domain/goompytokencollector.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/goompytokencollector.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/goompytokencollector.pages.dev/
Last updated: 2026-03-24