# okx-web3-tron-usdt-trc20-000000422.pages.dev — SUSPICIOUS

> Domain okx-web3-tron-usdt-trc20-000000422.pages.dev mimics OKX for brand impersonation with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies okx-web3-tron-usdt-trc20-000000422.pages.dev as an active brand impersonation site targeting OKX. The domain leverages a decoy naming scheme centered on USDT-TRC20 transactions to lure users into deceptive interactions. While no crypto drainer kit artifacts are currently confirmed, the page structure and content are explicitly designed to mimic OKX’s branding to harvest credentials or initiate unauthorized transfers.  This domain resolves to IP 172.66.47.157 and is served via Cloudflare, Inc., with a Google Trust Services SSL certificate. VirusTotal currently reports 0/95 detection engines flagging the site. The domain was registered through Cloudflare Registrar and operates under pages.dev, indicating a Cloudflare Pages deployment. No Google Safe Browsing (GSB) blocklist status is publicly available, though the absence of detections suggests low immediate threat visibility. The branding deception centers on the OKX exchange, using a spoofed path to appear legitimate in crypto transaction contexts.  Current status is active with under investigation classification. Users should avoid interaction and report any encountered pages immediately. The remaining risk is moderate due to zero VT detections and Cloudflare shielding, but the impersonation vector remains viable for credential theft or fund diversion. Blocking at network level and user awareness are recommended mitigations until further analysis concludes.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.157

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d31a0d85-15e5-4328-b8e4-a456ac38db89
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000422.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000422.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000422.pages.dev/
Last updated: 2026-03-28