# signin-coinsquareca.webflow.io — SUSPICIOUS

> PhishDestroy identifies signin-coinsquareca.webflow.io as a live credential theft page mimicking Coinsquare.

## Summary
PhishDestroy identifies signin-coinsquareca.webflow.io as an active credential theft page impersonating Coinsquare, a Canadian cryptocurrency exchange. The domain leverages Webflow’s hosting infrastructure to present a spoofed login portal designed to harvest user credentials, including email addresses and passwords, under the guise of a legitimate Coinsquare sign-in flow.  This domain was flagged with 0 detections out of 95 engines on VirusTotal as of the latest scan, indicating it remains undetected by most antivirus solutions. The domain resolves to IP 172.64.151.8, which is associated with Cloudflare, a common hosting provider used by threat actors to mask infrastructure. The domain itself is a subdomain hosted on Webflow’s platform, a legitimate service often abused in credential phishing due to its ease of deployment and low barrier to entry for threat actors. Creation details and registrar information remain unverified at this time, but the use of a trusted SSL certificate (Google Trust Services) adds a false veneer of legitimacy to the fraudulent page.  Users who have visited this domain should immediately change their Coinsquare account password using a separate, trusted device and enable two-factor authentication (2FA) if not already active. Clear browser cookies and cached data related to the site, and consider revoking any saved credentials stored by the browser. Report the domain to your security team or email provider, and avoid interacting with any further prompts from this or similar domains. Monitor financial accounts linked to cryptocurrency exchanges for unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/signin-coinsquareca.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/signin-coinsquareca.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/signin-coinsquareca.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/signin-coinsquareca.webflow.io/
Last updated: 2026-04-04