# okx-web3-usdt-trc20-payfor-00000067.pages.dev — MALICIOUS

> okx-web3-usdt-trc20-payfor-00000067.pages.dev is a crypto drainer impersonating OKX, flagged by 6 of 95 VirusTotal vendors.

## Summary

okx-web3-usdt-trc20-payfor-00000067.pages.dev is identified as an active brand impersonation domain targeting OKX, currently engaged in crypto drainer operations. Analysis confirms this domain is weaponized to deceive users into transferring cryptocurrency under false pretenses. The infrastructure leverages the trustworthiness of legitimate services to evade detection, posing elevated risk to unsuspecting users.

PhishDestroy's investigation reveals this domain has been flagged by 6 of 95 VirusTotal security vendors, indicating partial but critical detection. The domain was registered through Cloudflare, Inc., resolving to IP address 172.66.44.162. The SSL certificate is issued by Google Trust Services, suggesting an attempt to establish credibility. Despite these measures, the domain remains relatively new and has not yet accumulated significant blocklist entries, emphasizing the need for proactive detection.

The current status of this domain remains active, with ongoing exploitation observed in the wild. Given the specific threat of crypto drainer impersonation, users are strongly advised to avoid interaction with this domain entirely. PhishDestroy recommends immediate blocking of the domain and IP address at the network perimeter. Additionally, organizations should update threat intelligence feeds with these indicators to prevent lateral movement within their environments. Proactive user awareness training highlighting the tactics of crypto drainer impersonation is strongly encouraged to mitigate potential financial loss.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.162

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8548e996-6e8b-4fe1-b0ca-f84b3279eab5
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000067.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000067.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000067.pages.dev/

Last updated: 2026-03-28