# ntade-2.cfd — SUSPICIOUS

> ntade-2.cfd is a confirmed credential theft domain hosting a generic phishing campaign with 4/95 VirusTotal detections.

## Summary
ntade-2.cfd has been confirmed as an active credential theft site. The domain is currently categorized as a generic phishing domain designed to harvest user credentials under a false pretense. Security monitoring confirms the threat is live and operational.

PhishDestroy identifies this domain as a credential theft operation leveraging a generic lure to trick users into surrendering login details. The domain was registered on April 10, 2026 through Global Domain Group LLC and is currently resolving to IP address 104.21.13.203. Security telemetry shows the domain is flagged by 4 of 95 VirusTotal vendors, and is listed on two independent blocklists including OpenPhish and PhishingArmy. The site is secured with a Let’s Encrypt SSL certificate, increasing its appearance of legitimacy.

This credential theft domain poses an elevated risk to organizations and individuals due to its active status and trusted SSL certificate. Users may unknowingly submit credentials to fraudulent forms hosted at this address. Immediate action is required: block the domain at DNS and network levels, revoke or flag the SSL certificate, and inspect endpoints for any previously submitted credentials. Conduct a password reset campaign for affected accounts and alert users to avoid interaction with ntade-2.cfd or any related subdomains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-10 18:22:55
- Registrar: Global Domain Group LLC
- IP: 104.21.13.203

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0a03be1f-f8ac-46c2-8176-66312c6b14d0
- PhishDestroy: https://phishdestroy.io/domain/ntade-2.cfd/
- LLM endpoint: https://phishdestroy.io/domain/ntade-2.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ntade-2.cfd/
Last updated: 2026-04-12