# portal--ndax--logii.webflow.io — MALICIOUS

> portal--ndax--logii.webflow.io is a high-risk phishing site targeting crypto users. Avoid interaction and report suspicious activity immediately.

## Summary
PhishDestroy identifies portal--ndax--logii.webflow.io as a high-risk generic phishing domain impersonating Ndax, a popular Canadian cryptocurrency trading platform. The site uses a deceptive page title “Ndax | An All-In-One Crypto Trading Platform for Canadians” to lure victims into providing sensitive information, including login credentials. The domain’s naming convention with repeated dashes is suspicious and typical of phishing tactics aimed at mimicking legitimate services.

Technical analysis reveals that this domain was registered recently on March 12, 2026, which is a common trait among phishing infrastructure aiming for short-lived campaigns. It is hosted on Webflow, a platform frequently abused by threat actors for quick deployment of fraudulent landing pages. The domain currently appears on one security blocklist, and VirusTotal flags it by 18 out of 95 security vendors, confirming its malicious intent. These indicators align with active phishing behavior targeting cryptocurrency traders.

At present, portal--ndax--logii.webflow.io remains active and poses a significant threat to unwary users seeking crypto trading services in Canada. PhishDestroy strongly advises users to avoid engaging with this domain and urges security teams to monitor and block access. Continued observation and rapid takedown requests are recommended to mitigate exposure to this ongoing phishing campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Ndax | An All-In-One Crypto Trading Platform for Canadians

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 18 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "OpenPhish", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce224-b49d-717f-b39e-16645051966b.png
- PhishDestroy: https://phishdestroy.io/domain/portal--ndax--logii.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/portal--ndax--logii.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portal--ndax--logii.webflow.io/
Last updated: 2026-03-19