# token-lumia.pages.dev — SUSPICIOUS

> token-lumia.pages.dev impersonates OKX in active phishing. Check full report for IP 188.114.97.3 and mitigation steps.

## Summary

PhishDestroy identifies token-lumia.pages.dev as an active brand impersonation domain targeting OKX users, currently under investigation with no detections on VirusTotal. The domain resolves to IP 188.114.97.3 and leverages Google Trust Services SSL certificates while operating through Cloudflare, Inc. infrastructure. Threat actors are exploiting Cloudflare Pages to host convincing OKX replicas, likely aiming to harvest credentials or distribute malware under the guise of legitimate OKX services.

This domain was flagged with 0/95 VirusTotal detections as of latest scan, registered via Cloudflare, Inc. with IP resolution to 188.114.97.3, and utilizes Google Trust Services for SSL certification. No current blocklist inclusions were observed during initial assessment, though the domain remains active and under continuous monitoring. The threat type is confirmed as brand impersonation with direct OKX replication, posing high risk to users interacting with cryptocurrency platforms.

To mitigate risks, users should avoid interacting with token-lumia.pages.dev and verify all OKX-related domains via official channels. Security teams should block IP 188.114.97.3 and flag the domain at network/firewall levels. Always cross-check domains against known phishing databases and use multi-factor authentication for OKX accounts. Report any suspicious activity to OKX security teams and update threat intelligence feeds immediately.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c72b680c-160b-4d9e-9bf1-4e8d76df3f75
- PhishDestroy: https://phishdestroy.io/domain/token-lumia.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/token-lumia.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/token-lumia.pages.dev/

Last updated: 2026-03-28