# presale-rabootoken.pages.dev — SUSPICIOUS > presale-rabootoken.pages.dev domain linked to brand impersonation scam targeting OKX, flagged by 0 of 95 VirusTotal vendors. Immediate verification advised. ## Summary PhishDestroy identifies presale-rabootoken.pages.dev as an active brand impersonation domain targeting OKX exchange users. The site is currently under investigation as a potential crypto drainer or credential theft campaign designed to exploit trust in the legitimate OKX platform. Initial analysis suggests this domain is part of a coordinated effort to deceive cryptocurrency investors during presale events or promotional campaigns associated with the OKX brand. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a currently undetected threat. The domain is registered through Cloudflare, Inc., resolves to IP address 188.114.96.3, and utilizes a Google Trust Services SSL certificate. While the exact creation date is not publicly available, the domain's infrastructure aligns with other known malicious campaigns leveraging Cloudflare Workers for evasion and rapid deployment. The absence of detections suggests this threat may be newly active or employing advanced evasion techniques to bypass traditional security measures. Trust scores for the SSL certificate and infrastructure remain unassessed due to the novelty of the domain, but the lack of detections raises immediate concerns about its malicious intent. The current status of presale-rabootoken.pages.dev is marked as active and under investigation, with no confirmed blocklist associations at this time. Given the lack of VirusTotal detections and the domain's association with a high-risk brand impersonation campaign, security teams and cryptocurrency users are advised to exercise extreme caution. It is recommended to block or flag this domain at the network level, avoid any interaction with the site, and verify any OKX-related communications through official channels. Users who may have interacted with this domain are advised to revoke any connected wallet permissions immediately and monitor for suspicious transactions. Further intelligence sharing and collaborative analysis are strongly encouraged to prevent potential financial losses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/173ebf8c-74a7-4cc2-ac78-db3f0d94f86a - PhishDestroy: https://phishdestroy.io/domain/presale-rabootoken.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/presale-rabootoken.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/presale-rabootoken.pages.dev/ Last updated: 2026-03-26