# www.importoken.pro — SUSPICIOUS > Importoken.pro is a brand impersonation site imitating OKX with a 0/95 VirusTotal detection. Avoid interaction and report immediately to protect assets. ## Summary PhishDestroy identifies Importoken.pro as a high-risk domain actively impersonating OKX, a leading cryptocurrency exchange, to deceive users into divulging sensitive credentials or transferring digital assets. This site leverages visual cloning of OKX’s branding and user interface to create a false sense of legitimacy, tricking visitors into entering login details, 2FA codes, or seed phrases on fraudulent pages hosted on this domain. The threat actor behind Importoken.pro is likely operating a crypto drainer or credential theft campaign, aiming to harvest private keys or exchange access tokens to siphon funds from victim wallets or accounts. Users who encounter this domain should assume malicious intent and avoid any interaction, as the site’s infrastructure is designed to facilitate unauthorized access and financial theft. Technical indicators strongly confirm the malicious intent of Importoken.pro. The domain resolves to a single IP address, 216.198.79.65, and utilizes a Let’s Encrypt SSL certificate—common tactics to obfuscate malicious activity and appear trustworthy. Critically, VirusTotal currently shows 0 detections out of 95 security engines, indicating this domain has not yet been widely flagged by automated scanners. Additional risk factors include the domain’s recent creation date (exact date not specified in available data), which suggests opportunistic registration to capitalize on current market conditions or user trust in OKX. While specific registrar and blocklist counts are unavailable in this dataset, the absence of detections underscores the urgency for proactive user vigilance and immediate blocking. If you have visited Importoken.pro or entered any credentials, assume your data has been compromised. Immediately revoke any permissions granted to the site, change passwords for all financial accounts—especially OKX and related crypto services—and enable two-factor authentication (2FA) using an authenticator app or hardware key. Transfer any exposed assets to a newly generated wallet address not linked to the compromised credentials. Report the domain to OKX’s official fraud reporting channels and your local cybercrime unit. For future protection, use browser extensions like uBlock Origin or PhishDestroy’s real-time domain blocking to prevent access to similar threats. Always verify URLs through official OKX channels and avoid clicking links from unsolicited messages or advertisements. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 216.198.79.65 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6246e749-a1b7-4c9a-9d65-5ea49100b719 - PhishDestroy: https://phishdestroy.io/domain/www.importoken.pro/ - LLM endpoint: https://phishdestroy.io/domain/www.importoken.pro/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www.importoken.pro/ Last updated: 2026-03-28