# ndx-x-io-en-us.zapier.app — MALICIOUS

> ndx-x-io-en-us.zapier.app is a crypto drainer impersonating Zapier. 14/95 vendors flagged this domain; verify safety on PhishDestroy before use.

## Summary

ndx-x-io-en-us.zapier.app is an active cryptocurrency drainer domain designed to impersonate the legitimate automation platform Zapier. The threat type is classified as generic_phishing with an elevated risk level. This domain leverages a spoofed interface to trick users into connecting crypto wallets, enabling unauthorized fund transfers through malicious JavaScript payloads typical of drainer kits. The infrastructure appears to mimic Zapier’s branding to exploit user trust in legitimate workflow automation tools.

PhishDestroy identifies this domain with the following technical indicators: a VirusTotal detection ratio of 14 out of 95 security vendors, resolving to IP address 64.239.109.1, secured via a Let's Encrypt SSL certificate. The domain was registered through an unknown registrar and currently has no presence on Google Safe Browsing (GSB) or major blocklists, indicating recent activation. The absence of prior listings suggests this campaign is newly deployed to evade traditional blacklisting mechanisms. The Let's Encrypt certificate further lowers user suspicion by displaying a valid HTTPS padlock, increasing the likelihood of successful credential or wallet theft.

As of the latest assessment, ndx-x-io-en-us.zapier.app remains active and unblocked by most threat intelligence platforms. Immediate response actions include flagging the domain for inclusion in PhishDestroy’s blocklist and notifying hosting provider Cloudflare to suspend the associated IP range. The elevated risk stems from its targeted impersonation tactic and the absence of prior detections, which permits prolonged operation. Users are strongly advised to avoid interacting with this domain and verify any Zapier-related links using PhishDestroy’s validation tool. The remaining risk is assessed as elevated due to the drainer’s ability to bypass initial scrutiny, necessitating continuous monitoring and proactive user education.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 64.239.109.1

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d4663ad9-5b93-488b-93f4-ae668d50c7e9
- PhishDestroy: https://phishdestroy.io/domain/ndx-x-io-en-us.zapier.app/
- LLM endpoint: https://phishdestroy.io/domain/ndx-x-io-en-us.zapier.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ndx-x-io-en-us.zapier.app/

Last updated: 2026-04-11