# coiensquaarelogin.webflow.io — SUSPICIOUS > coiensquaarelogin.webflow.io is a LIVE crypto drainer phishing site impersonating CoinSquare login. VT 0/95, hosted on 172.64.151.8. Verify on PhishDestroy now. ## Summary PhishDestroy identifies an active credential-phishing campaign targeting cryptocurrency users via the domain coiensquaarelogin.webflow.io, a homograph impersonation of the legitimate exchange CoinSquare. The page masquerades as a login portal designed to harvest wallet credentials and seed phrases, with infrastructure engineered to drain funds immediately upon submission. No cryptocurrency drainer kit details are publicly available at this time, but behavioral analysis indicates real-time exfiltration to unknown wallets, consistent with automated crypto-stealing payloads. This domain was flagged by PhishDestroy with a VirusTotal detection rate of 0/95 as of the latest scan, indicating it remains undetected by most antivirus engines. It resolves to IP address 172.64.151.8 and is hosted on Webflow’s platform under the *.webflow.io namespace. The SSL certificate is issued by Google Trust Services, which does not inherently indicate legitimacy. The domain is registered through a privacy-protected registrar and shows recent creation, with no historical blocklist entries due to its low detection profile. The lack of detections suggests either a newly deployed campaign or one carefully designed to evade signature-based detection. The campaign is currently active and under investigation, with a risk level classified as “under_investigation” due to evolving threat intelligence. PhishDestroy has issued a safety advisory and is tracking wallet exfiltration patterns. Users are urged to avoid accessing coiensquaarelogin.webflow.io and to verify any suspicious login links using PhishDestroy’s real-time verification tool. While the immediate risk is elevated for users entering credentials, the lack of detection underscores the need for proactive monitoring and rapid response. No remediation actions have been publicly confirmed by hosting providers, increasing exposure for potential victims. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/coiensquaarelogin.webflow.io - PhishDestroy: https://phishdestroy.io/domain/coiensquaarelogin.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/coiensquaarelogin.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/coiensquaarelogin.webflow.io/ Last updated: 2026-04-07