# nddaxxloggin.webflow.io — MALICIOUS > PhishDestroy identifies nddaxxloggin.webflow.io as an active credential theft domain impersonating NDDAX exchange. 8/95 VirusTotal vendors flag this site. ## Summary PhishDestroy identifies nddaxxloggin.webflow.io as an active credential theft domain impersonating the NDDAX exchange. The page leverages Webflow’s hosting infrastructure to deliver a fake login portal designed to harvest user credentials under the guise of an NDDAX authentication page. No evidence suggests a crypto drainer kit at this time, indicating a focus on direct credential exfiltration rather than asset transfer. This domain resolves to IP 104.18.36.248 and is served via a Google Trust Services SSL certificate, which may enhance its perceived legitimacy. According to VirusTotal, 8 out of 95 security vendors have flagged this domain. The domain uses Webflow’s registrar infrastructure and is currently active with elevated risk. While the creation date is not provided, the active status and high VT detection rate suggest recent deployment. The domain remains active as of the latest scan. Users are advised to avoid accessing the site and organizations should block the domain and IP at the network perimeter. Remaining risk is elevated due to the use of a legitimate hosting provider (Webflow) and SSL certificate, which can bypass basic security controls. Immediate action is required to prevent credential compromise. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/nddaxxloggin.webflow.io - PhishDestroy: https://phishdestroy.io/domain/nddaxxloggin.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/nddaxxloggin.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nddaxxloggin.webflow.io/ Last updated: 2026-04-08