# okx-web3-usdt-trc20-payfor-00000090.pages.dev — SUSPICIOUS

> Investigating okx-web3-usdt-trc20-payfor-00000090.pages.dev for OKX brand impersonation via fraudulent TRC20 payment lures. Resolves to 172.66.44.

## Summary
PhishDestroy identifies okx-web3-usdt-trc20-payfor-00000090.pages.dev as an active brand impersonation threat under investigation. This malicious domain mimics OKX’s legitimate services to deceive users into processing fraudulent TRC20 USDT transactions.  

This domain exhibits multiple red flags: VirusTotal analysis shows 0 detections out of 95 scanners as of current data, indicating evasion of automated defenses. Registered through Cloudflare, Inc., it resolves to IP 172.66.44.232 and leverages a Google Trust Services SSL certificate to appear legitimate. The Pages.dev platform suggests recent creation, though exact registration dates remain unverified at this stage. No blocklist entries have been recorded, further highlighting its stealthy nature.  

Mitigation for this brand impersonation threat requires immediate user awareness and proactive blocking. Organizations should add the domain and associated IP (172.66.44.232) to firewall and DNS sinkhole rules to prevent access. Users should verify URLs against OKX’s official domains (okx.com) before engaging with payment-related prompts. Security teams are advised to monitor for similar typosquatting patterns targeting TRC20 or other crypto payment flows. Given the 0/95 detection ratio, manual review and threat hunting are critical to preempt broader exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.232

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c06e53a9-2439-436e-9432-a8578cbb9333
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000090.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000090.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000090.pages.dev/
Last updated: 2026-03-29