# tokenclaim-dextradingclaims.pages.dev — MALICIOUS

> PhishDestroy identifies tokenclaim-dextradingclaims.pages.dev as a fraudulent OKX brand impersonation.

## Summary

PhishDestroy identifies tokenclaim-dextradingclaims.pages.dev as an active domain engaged in brand impersonation targeting OKX, a leading global cryptocurrency exchange. This threat utilizes a visually deceptive domain structure to mimic official OKX communications, likely aiming to harvest credentials or cryptocurrency assets from unsuspecting users. The page is suspected to be leveraging a drainer kit designed to facilitate unauthorized fund transfers under the guise of token claims or trading promotions. The domain's structure—incorporating terms such as "tokenclaim" and "dextradingclaims"—suggests an attempt to exploit user trust in legitimate trading platforms to deceive visitors into interacting with malicious content. This tactic is particularly effective in the cryptocurrency ecosystem, where users frequently engage in token swaps and trading activities.

This domain exhibits multiple red flags confirmed by forensic analysis. It has been flagged by 16 out of 95 security vendors on VirusTotal, indicating substantial yet not universal detection of its malicious nature. The domain is registered through Cloudflare, Inc., a common choice among threat actors seeking anonymity and resilience against takedown efforts. It resolves to the IP address 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services, which may further enhance its appearance of legitimacy. The domain was detected on 2 separate security blocklists, and while its exact creation date remains unverified, its active status suggests recent deployment. Google Safe Browsing (GSB) has not yet flagged this domain, which may delay widespread user awareness. These technical indicators collectively underscore the elevated risk posed by this impersonation campaign.

The current status of tokenclaim-dextradingclaims.pages.dev is active and ongoing, with confirmed detection by security platforms such as ScamSniffer and Enkrypt. Despite partial mitigation through blocklists, the domain remains accessible and continues to pose a significant threat to cryptocurrency users. PhishDestroy urges immediate caution: avoid interacting with this domain or any associated links. Users should verify the authenticity of any OKX-related communications through official channels and report suspicious activity. Remaining risk is elevated due to the domain's active status, partial visibility on blocklists, and the use of HTTPS encryption to build false trust. Immediate collaborative action among security vendors, registrars, and domain hosts is required to neutralize this threat and protect users from potential financial loss.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ScamSniffer, Enkrypt

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/54b62fe2-f444-418e-9eea-e14466b473a0
- PhishDestroy: https://phishdestroy.io/domain/tokenclaim-dextradingclaims.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tokenclaim-dextradingclaims.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tokenclaim-dextradingclaims.pages.dev/

Last updated: 2026-03-24