# okx-web3-usdt-trc20-payfor-00000116.pages.dev — SUSPICIOUS

> okx-web3-usdt-trc20-payfor-00000116.pages.dev is a brand-impersonation crypto drainer targeting OKX users, with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies okx-web3-usdt-trc20-payfor-00000116.pages.dev as an active crypto drainer impersonating OKX’s TRC-20 USDT payment system to deceive cryptocurrency users into authorizing fraudulent transactions. This domain leverages the OKX brand to exploit trust, specifically targeting victims in the USDT-TRC20 ecosystem with malicious smart contract approvals that silently drain wallets upon interaction. The threat actor behind this site has registered a page hosted on Cloudflare infrastructure (IP 172.66.44.61) using a Google Trust Services SSL certificate to appear legitimate, increasing the likelihood of user engagement and wallet compromise.

This domain was flagged by PhishDestroy’s automated pipeline with a status marked as active and under investigation. VirusTotal analysis shows zero detections out of 95 scanners (0/95), highlighting how newly deployed phishing infrastructure often evades detection during the critical early window. The domain was registered through Cloudflare, Inc., a common tactic among malicious actors to mask origin and leverage fast-flux hosting. With no current blocklist presence and a clean SSL certificate, this site exemplifies the stealth and sophistication of modern crypto drainer campaigns targeting high-value blockchain users.

If you visited okx-web3-usdt-trc20-payfor-00000116.pages.dev or interacted with it, especially by connecting your wallet or approving any transactions, immediately revoke any unauthorized smart contract approvals using tools like Revoke.cash or Rabby Wallet’s approval manager. Disconnect the site from your wallet, transfer remaining assets to a new wallet if suspicious activity is detected, and enable multi-factor authentication on all exchange and wallet accounts. Report the domain to PhishDestroy, your wallet provider, and OKX’s official security team to help disrupt this threat. Monitor your transaction history for unauthorized transfers and consider freezing compromised assets if possible.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.61

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c4040e00-bcea-4a45-a0c3-30f1c4ac5d36
- PhishDestroy: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000116.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000116.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/okx-web3-usdt-trc20-payfor-00000116.pages.dev/

Last updated: 2026-03-30