# okx-web3-tron-usdt-trc20-000000912.pages.dev — SUSPICIOUS > okx-web3-tron-usdt-trc20-0912.pages.dev — active OKX TRC-20 phishing campaign. VirusTotal: 0/95 detections. Check the full report. ## Summary PhishDestroy identifies an active brand impersonation phishing campaign targeting OKX users through the domain okx-web3-tron-usdt-trc20-00000912.pages.dev. This fraudulent site mimics OKX’s TRC-20 USDT withdrawal interface to deceive users into entering private keys or seed phrases, enabling direct theft of cryptocurrency assets. The threat actor leverages Cloudflare Pages for rapid deployment and Google Trust Services for SSL certificates to appear legitimate, while obfuscating infrastructure via Cloudflare’s proxy network. Analysis indicates this is part of a broader campaign targeting users familiar with TRC-20 transactions, with the domain specifically designed to exploit trust in OKX’s brand during high-volume withdrawal scenarios. This domain was flagged with 0 detections on VirusTotal out of 95 security vendors (as of latest scan), indicating it is currently undetected by most endpoint protection systems. It resolves to IP 188.114.97.3 and is registered via Cloudflare, Inc., with no publicly available creation date due to Cloudflare’s privacy protections. The domain exhibits no current presence on major threat intelligence blocklists, suggesting it is either newly deployed or actively evading detection through dynamic hosting and certificate rotation. Its structure—using a subdomain under pages.dev—is consistent with phishing campaigns leveraging free hosting services to rapidly generate disposable domains. Users who visited this domain or entered credentials should immediately revoke any exposed API keys, wallet passwords, or seed phrases through OKX’s official security portal. Disconnect any connected wallets from suspicious sites and transfer assets to a cold wallet if compromised. Report the incident to OKX support and monitor accounts for unauthorized transactions. Do not reuse passwords or private keys across platforms. Forward any interaction logs or screenshots to threat intelligence teams for further analysis. This domain remains active and should be treated as hostile until confirmed offline. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f7ff98f4-de37-4a5f-9ffd-a7e7ad608e40 - PhishDestroy: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000912.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000912.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-tron-usdt-trc20-000000912.pages.dev/ Last updated: 2026-03-30