# prevailtokens.pages.dev — SUSPICIOUS > prevailtokens.pages.dev engages in OKX brand impersonation phishing. Flagged by 0 of 95 VirusTotal vendors. Check the full report. ## Summary PhishDestroy identifies prevailtokens.pages.dev as an active brand impersonation threat currently under investigation. This domain impersonates OKX, a major cryptocurrency exchange, and operates under a Cloudflare registrar with an active Google Trust Services SSL certificate. The domain resolves to IP 188.114.96.3 and remains unflagged by VirusTotal as of the latest scan. This domain was flagged by 0 of 95 VirusTotal vendors during dynamic analysis, indicating undetected malicious activity. Registered through Cloudflare, Inc., the domain utilizes a legitimate SSL certificate issued by Google Trust Services, adding a veneer of authenticity. The associated IP 188.114.96.3 shows no prior blocklist entries, and reverse DNS resolution remains unconfirmed. Current trust scores from security engines remain neutral, with no prior detections on VirusTotal or other threat intelligence platforms. As this campaign is actively live, users are advised to exercise extreme caution when interacting with any communications referencing OKX from this domain or related infrastructure. Do not click unsolicited links, validate sender domains via official channels, and report suspicious activity to OKX directly. Monitor network traffic for connections to 188.114.96.3 and consider blocking the domain and associated IP in firewall rules. Further updates will be provided as this investigation progresses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d5e48b1c-131f-4e3b-baa5-f812f6aee8d5 - PhishDestroy: https://phishdestroy.io/domain/prevailtokens.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/prevailtokens.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/prevailtokens.pages.dev/ Last updated: 2026-03-24