# okx-web3-usdt-trc20-payfor-00000088.pages.dev — SUSPICIOUS > PhishDestroy warns of crypto drainer okx-web3-usdt-trc20-payfor-00000088.pages.dev mimicking OKX; 0/95 VirusTotal detections. Verify on PhishDestroy. ## Summary PhishDestroy identifies okx-web3-usdt-trc20-payfor-00000088.pages.dev as an active crypto drainer domain impersonating OKX’s TRC-20 USDT payment portal. This fraudulent site lures victims with fake transaction pages designed to intercept and steal deposited cryptocurrency funds via malicious wallet drainer scripts hosted on the page. Upon visiting, users are prompted to connect their wallets under the pretense of completing a fake USDT transfer, after which any connected assets are silently authorized and drained through signature-based theft mechanisms common to modern crypto phishing campaigns. This domain was flagged by PhishDestroy with a seed identifier c47bad and has been placed under investigation due to its high-risk threat type of brand impersonation. Technical indicators reveal it is registered through Cloudflare, Inc., resolving to IP address 172.66.44.251 with a Google Trust Services SSL certificate. Notably, VirusTotal currently shows 0 out of 95 detection engines flagged the domain, placing it beyond immediate signature-based blocking. Additionally, Google Safe Browsing lists it under the SOCIAL_ENGINEERING category, indicating confirmed deceptive intent. The domain leverages Google Pages to host its phishing content and continues active operation despite its malicious purpose. Users who believe they have visited okx-web3-usdt-trc20-payfor-00000088.pages.dev should immediately disconnect their wallet from any dApps, revoke any unauthorized token approvals using tools such as revoke.cash or Etherscan’s Token Approval Checker, and scan their device with updated antivirus software. Monitor blockchain transaction history for any unauthorized transfers and consider transferring remaining assets to a newly generated, hardware-secured wallet. Report the incident to the legitimate OKX support team and submit the domain to PhishDestroy for takedown and community awareness. Never interact with unsolicited payment links or login prompts, especially those claiming affiliation with OKX. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.251 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/57459539-9f0c-428f-a8eb-d0a524f32fcf - PhishDestroy: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000088.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000088.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000088.pages.dev/ Last updated: 2026-03-30