EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of portal----ndax-io---cdn-auth-login.webflow.io

Información de Detección

http://portal----ndax-io---cdn-auth-login.webflow.io/
Detected Brand
Ndax
Country
International
Confianza
95%
HTTP Status
200
Report ID
f57468a2-f86…
Analyzed
2026-02-14 12:03
Final URL (after redirects)
https://portal----ndax-io---cdn-auth-login.webflow.io/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1A8819727A90CA82F4B8240F5A871729DC60B088FE441C99D9BE4C4ED53FDBD981F6997
CONTENT ssdeep
96:DHRHIH6TPf+ylw/Fz/2Hqt6iDzFO/IVFGmON1r:jRHIH6TP/wtz/iqt6iDlxON1r

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
a9863b3c248fd8f2
VISUAL aHash
03036b03030b0303
VISUAL dHash
2fcbabd79793530b
VISUAL wHash
070f7b73434b8b83
VISUAL colorHash
31000400030
VISUAL cropResistant
74f474f474747473,e4f0b1b4c968b0e0,c4a2942b2bada2c2,32e594e98b896816

Análisis de Código

Risk Score 53/100
Nivel de Amenaza ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Ndax
• Método: Suplantación de identidad a través de hosting gratuito.
• Exfil: Desconocido
• Indicadores: Hosting gratuito, logo de la marca en un dominio sospechoso, ofuscación.
• Riesgo: ALTO

🔒 Obfuscation Detected

  • fromCharCode

🎯 Kit Endpoints

  • https://portal.ndax.io/auth/login
  • https://portal----ndax-io---cdn-auth-login.webflow.io/

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on a free platform, a common tactic used by phishers.
Brand Impersonation
The website attempts to mimic the appearance of a legitimate Ndax website.
Obfuscation
Obfuscation used to hide malicious code is a sign of a threat.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Credential Harvesting Kit
Objetivo
Ndax users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester
  • 4 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Ndax
Official Website
https://ndax.io/
Fake Service
Likely login or a service related to crypto trading or management.

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker likely aims to steal user credentials by creating a convincing fake Ndax login page, hosted on a free platform.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
portal----ndax-io---cdn-auth-login.webflow.io
Registered
None
Registrar
None
Estado
None

🔬 JavaScript Deep Analysis

Sophistication Level
Basic
Total Code Size
36,5 KB

🔗 API Endpoints Detected

Other
4
Backend API
1

🔐 Obfuscation Detected

  • : Light

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Desconocido
https://cdn.gosafemode.com/screenshots/bb0f496bc6b3.png
Jun 20, 2026
 Screenshot
Ndax
http://portal-ndax---io-cdn---auth-login.webflow.io/
Feb 14, 2026
 Screenshot
Ndax
https://help-nndax-sso.webflow.io/
Feb 01, 2026
 Screenshot
Ndax
https://nddax-us.webflow.io/
Ene 30, 2026
😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.