# ramptoken.org — SUSPICIOUS

> Warning: ramptoken.org is impersonating OKX! This fake login page may steal your crypto. Created May 2025. Verify legitimacy on PhishDestroy now.

## Summary

PhishDestroy has identified ramptoken.org as a brand impersonation threat, specifically targeting users of the OKX cryptocurrency exchange. The domain is designed to mimic the legitimate OKX login page to steal credentials and potentially drain cryptocurrency wallets. Users should exercise extreme caution and avoid entering any personal information on this site.

Technical analysis reveals that the domain was created on May 12, 2025, and is registered through Porkbun LLC. As of the latest scan, VirusTotal shows a detection rate of 0/95, indicating that it has not yet been widely flagged as malicious. The domain resolves to the IP address 76.76.21.21. The site uses a Let's Encrypt SSL certificate, which, while providing encryption, does not guarantee the legitimacy of the website. The lack of widespread detection coupled with the recent creation date suggests this is a newly launched campaign.

If you have visited ramptoken.org and entered your OKX login credentials, immediately change your password on the legitimate OKX website and enable two-factor authentication. Monitor your account for any unauthorized activity and report the incident to OKX support. It is also advisable to run a full malware scan on your device to ensure no malicious software was installed. Always verify the authenticity of websites before entering sensitive information, especially when dealing with cryptocurrency exchanges.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: OKX

## Domain Intelligence

- Registered: 2025-05-12 16:55:55
- Registrar: Porkbun LLC
- IP: 76.76.21.21

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b9d4888c-5e90-457c-89bb-4ca7a98493ca
- PhishDestroy: https://phishdestroy.io/domain/ramptoken.org/
- LLM endpoint: https://phishdestroy.io/domain/ramptoken.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ramptoken.org/
Last updated: 2026-03-26