# zeus-token.pages.dev — SUSPICIOUS > zeus-token.pages.dev impersonates OKX in a crypto drainer scheme. VirusTotal shows 0/95 detections. Check the full report. ## Summary PhishDestroy identifies zeus-token.pages.dev as an active domain engaged in brand impersonation targeting OKX users, specifically designed to deceive cryptocurrency holders via a drainer kit. The infrastructure leverages Cloudflare Pages to host a fraudulent page mimicking OKX's official site, with the domain registered through Cloudflare, Inc., and secured with a Google Trust Services SSL certificate. The malicious domain is currently unresolved to 172.66.47.123, suggesting dynamic hosting or recent deployment, and remains undetected by 95 VirusTotal scanners as of the latest analysis. This domain was flagged with a VirusTotal detection ratio of 0/95, indicating no current coverage by antivirus engines. The registrar is Cloudflare, Inc., and the site holds a valid Google Trust Services SSL certificate, which may contribute to its credibility among potential victims. The domain resolves to the IP address 172.66.47.123, a Cloudflare-operated range commonly associated with legitimate services but frequently abused for phishing and fraudulent campaigns. At the time of analysis, zeus-token.pages.dev shows no presence on major blocklists, though its recent registration and lack of detections suggest it is either newly deployed or carefully evading detection mechanisms. As of this advisory, the threat status remains active and under investigation, with no confirmed takedown or remediation actions in progress. SOC teams are advised to block the domain and associated IP address at the network level to prevent user interaction. Users should be warned against interacting with any OKX-themed domains outside the official okx.com domain and encouraged to verify URLs via official channels. While the immediate risk is elevated due to the absence of detections, the lack of historical data and blocklist presence suggests this campaign may be in its early stages. Continued monitoring is required to assess its spread and impact on cryptocurrency users. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.123 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b8f61886-803a-4fbf-9a0e-d8652b6d9628 - PhishDestroy: https://phishdestroy.io/domain/zeus-token.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/zeus-token.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/zeus-token.pages.dev/ Last updated: 2026-03-30