# sso-nadax-login.pages.dev — MALICIOUS

> PhishDestroy warns that domain sso-nadax-login.pages.dev is an active crypto drainer impersonating NADAX SSO.

## Summary
PhishDestroy identifies the domain sso-nadax-login.pages.dev as an active credential-phishing threat currently distributing a crypto drainer impersonating the NADAX single sign-on (SSO) portal. The campaign is classified as elevated risk and remains live at the time of reporting.


This domain was flagged by 9 of 95 VirusTotal vendors, registered through Cloudflare, Inc., resolving to IP address 188.114.96.3, and secured with a Google Trust Services SSL certificate. Historical data indicates the domain was created recently and has accumulated a low but concerning blocklist presence, correlating with its active phishing deployment.


Users should treat this domain as hostile and immediately cease any interaction. PhishDestroy recommends blocking the domain at network and endpoint levels, revoking any credentials entered, and reporting the incident to NADAX support and relevant cybercrime units. Continuous monitoring for new variants is advised due to the evolving nature of crypto-drainer campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d2492e96-1a0b-4424-9aac-73a740895914
- PhishDestroy: https://phishdestroy.io/domain/sso-nadax-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-nadax-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-nadax-login.pages.dev/
Last updated: 2026-04-12