# revokes-cash.web.app — SUSPICIOUS

> Site revokes-cash.web.app mimics OKX brand and shows 0/95 VirusTotal detections — a live crypto drainer under investigation. Avoid any login.

## Summary
PhishDestroy identifies revokes-cash.web.app as an active crypto drainer impersonating the OKX brand, currently under investigation and not yet flagged by anti-virus engines. VirusTotal shows zero detections across 95 engines, indicating the page remains unclassified while it continues to harvest credentials and drain wallets. Registered through Google LLC and served from IP 199.36.158.100 with a Google Trust Services SSL certificate, the domain leverages Google’s infrastructure to appear legitimate while targeting crypto users.  This impostor site masquerades as OKX, a major cryptocurrency exchange, to trick visitors into entering login details or connecting crypto wallets. Once credentials are captured, attackers immediately drain funds. The combination of zero VirusTotal detections, a Google-issued SSL certificate, and hosting on Google Cloud IP 199.36.158.100 creates a highly convincing trap that evades traditional security filters.  Anyone who visited revokes-cash.web.app should immediately revoke wallet connections, change passwords, and scan devices with updated antivirus. Report any unauthorized transactions to OKX support and file a complaint with your local cybercrime unit. Avoid using this domain or any link that resembles it; always verify URLs via official OKX channels before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Google LLC
- IP: 199.36.158.100

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9648aec0-277f-4610-a58e-fddd8895e2e0
- PhishDestroy: https://phishdestroy.io/domain/revokes-cash.web.app/
- LLM endpoint: https://phishdestroy.io/domain/revokes-cash.web.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/revokes-cash.web.app/
Last updated: 2026-03-24