# okx-web3-tron-usdt-trc20-000000471.pages.dev — SUSPICIOUS

> okx-web3-tron-usdt-trc20-000000471.pages.dev impersonates OKX to steal USDT via TRC20 phishing. Detected by 0/95 VirusTotal engines.

## Summary
PhishDestroy identifies okx-web3-tron-usdt-trc20-000000471.pages.dev as an active brand impersonation scam targeting OKX users. The domain masquerades as an OKX Web3 wallet interface to deceive victims into connecting cryptocurrency wallets and authorizing fraudulent TRC20 USDT transactions. No drainer kit artifacts are visible in the current payload, suggesting reliance on social engineering and fake wallet interfaces instead of automated theft scripts.

Technical indicators confirm the threat: VirusTotal shows 0/95 detection engines flagged the site as malicious, indicating it remains under the radar of most antivirus systems. The domain resolves to IP 172.66.44.140 and is registered through Cloudflare, Inc., with an SSL certificate issued by Google Trust Services. As a Cloudflare Pages deployment, the domain benefits from Cloudflare's infrastructure while avoiding traditional hosting-based detection methods.

While currently active and unblocked by major services, the domain's risk profile remains under investigation. Users should immediately blacklist this domain and avoid any interaction. Blocking at the network level via IP 172.66.44.140 is recommended until cloud-based takedown processes complete. Remaining risk includes continued circulation through social media and phishing campaigns, with potential for drainer kit integration if the current campaign proves successful.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.140

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/okx-web3-tron-usdt-trc20-000000471.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000471.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000471.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000471.pages.dev/
Last updated: 2026-04-03