# netcoins-login-sso-ca-eng.webflow.io — SUSPICIOUS > netcoins-login-sso-ca-eng.webflow.io mimics Netcoins login to steal crypto credentials; detected with 0/95 VirusTotal flags. ## Summary PhishDestroy identifies netcoins-login-sso-ca-eng.webflow.io as an active credential phishing domain designed to impersonate the official login portal of Netcoins, a cryptocurrency exchange platform. The threat actor leverages the legitimate Webflow.io domain to host a spoofed login interface, tricking users into entering their email and password credentials, which are then harvested for unauthorized access to victims’ financial accounts. This domain resolves to IP address 172.64.151.8 and utilizes a Google Trust Services SSL certificate, increasing its appearance of legitimacy at a glance. The absence of detections on VirusTotal (0/95) suggests this campaign remains under the radar of many automated security systems, allowing it to operate undetected. This domain was flagged under investigation due to its clear intention to deceive users through deceptive naming, including references to “login,” “sso” (single sign-on), and “ca-eng” (Canadian English), all of which mimic authentic regional login flows used by legitimate exchanges. VirusTotal currently shows zero detections across 95 security vendors, indicating that signature-based detection is not yet effective against this URL. The use of Webflow.io as a hosting platform is notable, as threat actors increasingly abuse legitimate website builders to host phishing content due to their trusted domain reputation and ease of deployment. While Webflow platforms are typically legitimate, malicious actors can create subdomains to host fake login pages with minimal friction. If you have visited netcoins-login-sso-ca-eng.webflow.io or entered any credentials on the page, immediately change your Netcoins account password using a verified device and enable two-factor authentication (2FA) if not already active. Avoid clicking any links from unsolicited emails or messages claiming to be from Netcoins. Instead, manually navigate to the official Netcoins website (netcoins.com) or use a trusted app to verify your login status. Report the URL to PhishDestroy and Netcoins security teams for takedown and investigation. Monitor your email and financial accounts for unusual activity, as stolen credentials may be used in follow-on attacks. Never reuse passwords across platforms, especially for financial services. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/netcoins-login-sso-ca-eng.webflow.io - PhishDestroy: https://phishdestroy.io/domain/netcoins-login-sso-ca-eng.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/netcoins-login-sso-ca-eng.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/netcoins-login-sso-ca-eng.webflow.io/ Last updated: 2026-04-03