# okx-web3-usdt-trc20-payfor-00000028.pages.dev — SUSPICIOUS

> This Cloudflare-hosted domain (okx-web3-usdt-trc20-payfor-00000028.pages.dev) impersonates OKX to steal TRC-20 USDT.

## Summary
PhishDestroy identifies okx-web3-usdt-trc20-payfor-00000028.pages.dev as an active brand impersonation domain targeting OKX users. This page mimics OKX's TRC-20 USDT payment interface to deceive victims into transferring cryptocurrency to attacker-controlled wallets. The domain is currently under investigation but remains operational with confirmed malicious intent.


This threat domain was flagged by multiple security systems, including Google Safe Browsing which classified it as SOCIAL_ENGINEERING. The domain resolves to IP address 172.66.44.173 through Cloudflare, Inc. registration. VirusTotal analysis shows zero detections out of 95 security engines at the time of analysis, and the SSL certificate is issued by Google Trust Services, which may be leveraged to appear legitimate. The domain follows a pattern of using page.dev subdomains to host fake payment portals, specifically targeting OKX's cryptocurrency services.


Users should avoid interacting with this domain entirely. If you accessed this page, do not enter any credentials or payment information. Report this domain to OKX immediately through their official support channels. Use bookmarked links or verified domains (okx.com) to access legitimate services. Enable multi-factor authentication on OKX accounts and monitor wallet addresses for unauthorized transactions. Block this IP address (172.66.44.173) at your network level if possible. Always verify URLs before clicking and report suspected impersonation domains to cybersecurity platforms to prevent further spread.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.173

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1c0be4e0-19fa-43a2-ae1d-7906d0ce02cc
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000028.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000028.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000028.pages.dev/
Last updated: 2026-03-28