# okx-web3-tron-usdt-trc20-000000402.pages.dev — SUSPICIOUS

> okx-web3-tron-usdt-trc20-000000402.pages.dev is a crypto drainer impersonating OKX. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy has flagged okx-web3-tron-usdt-trc20-000000402.pages.dev as an active brand impersonation campaign targeting OKX users. This domain mimics official OKX web3 services, specifically the TRON USDT TRC20 interface, to deceive victims into connecting cryptocurrency wallets or entering login credentials. Upon access, the page likely prompts users to authenticate or approve transactions, functioning as a crypto drainer designed to siphon digital assets under false pretenses. The threat is currently under investigation but remains accessible and operational.  

Investigations reveal this domain resolves to IP address 188.114.97.3 and operates behind Cloudflare’s infrastructure, with SSL certification issued by Google Trust Services. Notably, VirusTotal currently reports zero detections across 95 security engines, indicating this threat has not yet been widely recognized or blocked by automated defenses. The domain’s registration and use of Cloudflare suggest an attempt to cloak malicious activity while leveraging trusted certificate authorities to appear legitimate. This combination of evasion techniques lowers the barrier for successful victim engagement.  

Users who have visited okx-web3-tron-usdt-trc20-000000402.pages.dev should immediately cease all interactions with the site and disconnect any connected wallets or accounts. Revoke any unauthorized permissions granted to the domain through wallet interfaces. Report the incident to OKX support and monitor accounts for unauthorized transactions. Use PhishDestroy to verify URLs before clicking and enable multi-factor authentication on all critical platforms. Stay vigilant for similar impersonation campaigns leveraging trusted brand names to exploit crypto users.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d3e03e44-d12a-4975-8db6-d20bf69d0285
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000402.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000402.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000402.pages.dev/
Last updated: 2026-03-28