# sponge-token-en.pages.dev — SUSPICIOUS

> sponge-token-en.pages.dev mimics OKX in a crypto drainer scheme, with 0/95 VirusTotal detections. Blocked by Enkrypt and ScamSniffer—do not interact.

## Summary
PhishDestroy identifies sponge-token-en.pages.dev as a live OKX impersonation site designed to trick visitors into connecting crypto wallets and signing malicious transactions. The page mirrors OKX branding and promises fake Sponge token giveaways to lure victims. Security crawlers have already spotted the domain on two public blocklists, warning that it resolves to 172.66.47.102 via Cloudflare and holds a Google Trust Services SSL certificate to appear legitimate.  This domain was flagged within hours of creation and remains unlisted by VirusTotal (0 detections out of 95 engines as of seed 20e018). It was registered through Cloudflare, Inc. and is actively blocked by browser extensions Enkrypt and ScamSniffer. Exact indicators include IP 172.66.47.102, SSL issuer Google Trust Services, and zero detections on VirusTotal despite aggressive brand abuse.  If you visited sponge-token-en.pages.dev, immediately disconnect your wallet, revoke any signed but unexecuted transactions in your wallet’s activity log, and clear browser data. Run a full antivirus scan and consider rotating wallet addresses and seed phrases. Report the domain to OKX’s abuse team and your browser’s security extension vendor to help block further distribution.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.102

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b095e048-3adc-4774-a094-ae42e48b333e
- PhishDestroy: https://phishdestroy.io/domain/sponge-token-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sponge-token-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sponge-token-en.pages.dev/
Last updated: 2026-03-27