# ryedex.org — MALICIOUS

> ryedex.org poses a medium-level phishing threat masquerading as a crypto exchange. Stay vigilant and avoid sharing sensitive info on this active domain.

## Summary
PhishDestroy identifies ryedex.org as an active domain engaged in medium-risk phishing, specifically targeting cryptocurrency users through impersonation of a global crypto exchange. Categorized under generic phishing, it aims to deceive users into divulging sensitive credentials or financial information.

The domain was registered recently on March 13, 2026, via NiceNIC International Group Co., Limited, which raises suspicion due to the short lifespan and the use of a registrar often linked with malicious registrations. ryedex.org appears on a security blocklist and resolves to the IP address 104.21.80.30. VirusTotal detection is low, with only 5 out of 95 security vendors flagging it, but this aligns with common tactics employed in emerging phishing campaigns to avoid immediate mass detection. The webpage's title, "ryeDEX - Global Crypto Exchange," attempts to lure unsuspecting crypto investors by mimicking a legitimate trading platform.

Given its active status and ongoing risk, users should exercise caution and refrain from entering personal details or credentials on this domain. Security teams are advised to maintain updated blocklists including ryedex.org and monitor related traffic for suspicious activity. PhishDestroy recommends immediate blacklisting in organizational environments and continuous observation for evolving phishing techniques associated with this domain, leveraging the unique seed "6939a5" for tracking and analysis purposes.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: ryeDEX - Global Crypto Exchange

## Domain Intelligence
- Registered: 2026-03-13 03:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.80.30
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jasper.ns.cloudflare.com", "roxy.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["alphaMountain.ai", "Fortinet", "Gridinsoft", "SOCRadar", "URLQuery"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce542-9e37-7469-9d03-f8da3895b032.png
- PhishDestroy: https://phishdestroy.io/domain/ryedex.org/
- LLM endpoint: https://phishdestroy.io/domain/ryedex.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ryedex.org/
Last updated: 2026-03-19