# okx-web3-tron-usdt-trc20-000000892.pages.dev — SUSPICIOUS

> okx-web3-tron-usdt-trc20-000000892.pages.dev is a crypto drainer impersonating OKX. Reported on VirusTotal with 0/95 detections.

## Summary
PhishDestroy identifies okx-web3-tron-usdt-trc20-000000892.pages.dev operating as a brand impersonation site targeting OKX. This domain appears to function as a cryptocurrency drainer, likely designed to siphon funds from unsuspecting users under the guise of legitimate Tron USDT transactions via TRC-20 tokens. The total similarity in naming conventions and branding deception indicates a carefully engineered social engineering attempt.  

Domain indicators reveal this malicious host was registered through Cloudflare, Inc., resolving to IP address 172.66.44.157. VirusTotal currently reports 0 detections out of 95 engines, presenting a low detection rate. The domain leverages a Google Trust Services SSL certificate, adding superficial legitimacy. As of the latest telemetry, this domain remains unflagged by phishing blocklists and shows minimal footprint in threat intelligence feeds. While the registry appears recent, precise registration dates remain unverified at this stage.  

This domain is currently active and under investigation. Users encountering this domain are advised to avoid interaction and report it via PhishDestroy to aid in blocking efforts. The immediate risk level is classified as uncertain due to low detection coverage, but active impersonation of a major exchange platform significantly elevates user exposure. Ongoing monitoring and updates are advised as this threat evolves.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.157

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/583b298a-49e1-466d-8efa-51aad9649674
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000892.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000892.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000892.pages.dev/
Last updated: 2026-04-13