# rexas-finance-token.pages.dev — SUSPICIOUS

> rexas-finance-token.pages.dev is a crypto drainer site impersonating OKX. VirusTotal flags 2/95 vendors. Verify before you click — your assets depend on it.

## Summary

PhishDestroy identifies rexas-finance-token.pages.dev as an active brand-impersonation domain targeting OKX users. The site masquerades as a legitimate finance platform to trick visitors into connecting crypto wallets, where a crypto drainer kit silently transfers funds to attacker-controlled addresses. No specific drainer kit signature is publicly disclosed, but the infrastructure is configured to harvest private keys and seed phrases via fake login prompts and transaction approvals.

Technical indicators confirm elevated risk: VirusTotal lists the domain with a 2/95 detection score, indicating minimal vendor coverage despite clear malicious traits. The domain was registered through Cloudflare, Inc., resolves to IP address 188.114.97.3, and operates with a Google Trust Services SSL certificate. The domain was created recently and appears on one public blocklist, ScamSniffer. No Google Safe Browsing (GSB) entry is recorded at this time.

This domain remains active and poses a tangible threat to cryptocurrency holders. Security vendors like ScamSniffer have already blocked access, but users should avoid interaction entirely. The risk level remains elevated because the site trades on user trust in the OKX brand and has no GSB listing. Users are advised to verify all URLs via official channels and use hardware wallets or reputable browser security extensions to prevent unauthorized fund transfers.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["ScamSniffer"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8e5ef464-a928-432b-a879-b89d40e99333
- PhishDestroy: https://phishdestroy.io/domain/rexas-finance-token.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/rexas-finance-token.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rexas-finance-token.pages.dev/

Last updated: 2026-03-25