# sponges-token.pages.dev — SUSPICIOUS

> PhishDestroy identifies sponges-token.pages.dev as a crypto drainer impersonating OKX with 0/95 VirusTotal detections.

## Summary

PhishDestroy assesses that sponges-token.pages.dev poses an active brand impersonation threat targeting OKX users through crypto drainer tactics. The domain is currently classified as under investigation but remains active and operational, with technical infrastructure designed to deceive victims into connecting cryptocurrency wallets under false pretenses. Users interacting with this domain risk unauthorized asset transfers via malicious smart contract interactions or fake transaction prompts, a hallmark of crypto drainer operations.

This domain was flagged with zero detections across 95 VirusTotal scanners (0/95), indicating it has evaded current detection mechanisms. It resolves to Google Cloud IP 188.114.96.3 and is hosted on Cloudflare Pages (registered through Cloudflare, Inc.). The domain leverages a Google Trust Services SSL certificate to enhance legitimacy. While creation date and blocklist status remain unverified in public threat intelligence feeds, the absence of detections suggests this infrastructure is either newly deployed or employs evasion techniques against automated detection systems.

To mitigate risk, immediately block access to sponges-token.pages.dev at network and endpoint levels. Warn cryptocurrency users, especially those active on OKX, to verify all transaction prompts and wallet connections against official channels. Never approve smart contract interactions from unknown domains. Report this infrastructure to OKX abuse channels and threat intelligence platforms like VirusTotal to increase detection coverage. Exercise extreme caution with any OKX-branded promotions or airdrops encountered outside official communication channels.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/783db35a-91bd-416a-b23b-541a9fc463e0
- PhishDestroy: https://phishdestroy.io/domain/sponges-token.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sponges-token.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/sponges-token.pages.dev/

Last updated: 2026-03-28