# token-aqla.pages.dev — SUSPICIOUS

> token-aqla.pages.dev mimics OKX in a brand impersonation scam with 0/95 VirusTotal detections. Avoid interaction and report immediately.

## Summary

PhishDestroy identifies token-aqla.pages.dev as an active brand impersonation domain targeting OKX users. The page is hosted under Cloudflare Pages and leverages a Google Trust Services SSL certificate to appear legitimate, suggesting a crypto-drainer kit or credential-theft payload may be delivered to unsuspecting visitors. The domain’s naming pattern (“token-[...]”) and use of a trusted platform (Cloudflare) are classic social-engineering tactics designed to harvest credentials or drain crypto wallets under the guise of an “official” service.

This domain was flagged with 0 detections on VirusTotal from a 95-engine scan, indicating it has evaded signature-based detection at the time of analysis. It is registered through Cloudflare, Inc., resolving to IP 172.66.44.111, and is served over HTTPS with a certificate issued by Google Trust Services. The domain was created recently (exact date not disclosed in public WHOIS), and it has not been blocked by Google Safe Browsing (GSB status unknown) or widely listed on public threat intelligence feeds at this stage. Despite low detection rates, its impersonation of a major exchange like OKX places it at high risk for user deception and financial loss.

The current status of token-aqla.pages.dev is active and under investigation, with no confirmed payload delivery mechanism yet identified. However, the presence of SSL and trusted hosting suggests a well-crafted lure. Users are strongly advised not to visit, click, or interact with any links from this domain. Security teams and browser vendors should block 172.66.44.111 and the domain at the network level. Because the site is hosted on Cloudflare Pages, that address is shared Cloudflare infrastructure, so an IP-level block can also affect unrelated sites; the hostname block is the more precise control. Remaining risk is classified as moderate-to-high due to the active hosting and impersonation tactics, pending further forensic analysis of the site’s behavior and payload delivery.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.111

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/117cddc5-82c3-48c3-874b-14bb6cdd68e0
- PhishDestroy: https://phishdestroy.io/domain/token-aqla.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/token-aqla.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/token-aqla.pages.dev/

Last updated: 2026-03-27