Nexeoplastics.lightning.force.com presents itself as a login portal, but anyone considering using it should pause. The site immediately redirects to a Salesforce authentication page, and there is zero information about who runs it. No about page, no contact details, no privacy policy. That is unusual for a legitimate business portal, even a small one. The technical side works fine: the connection is secure, and the hosting is on Salesforce's own infrastructure. But the hidden domain registration and complete lack of transparency raise real questions about whether this is a genuine company login or a phishing setup. If you are considering entering credentials here, you should first verify directly with Nexeo Plastics through their official website or a phone number you find independently. Do not use the contact form or email from this domain, since there is no way to confirm who receives it. A legitimate business would not hide who they are behind a Salesforce subdomain with no explanation.
No — nexeoplastics.lightning.force.com doesn't look safe
In plain English
I would be cautious with this site. The domain owner is completely hidden, there is no contact info or legal pages, and the site immediately redirects to a Salesforce login page with no explanation of what Nexeo Plastics actually is. While the technical security is fine, the lack of transparency makes it hard to tell if this is a real company portal or something set up to collect credentials.
What you should do now
Don't panic. These steps limit the damage, and the sooner you take them the better.
Don't enter any details
No passwords, card numbers or personal information — even if the site looks professional.
Close the tab
Especially if you got here from an email, text message or social media ad.
Already paid? Call your bank
Contact your bank or card provider right away. They can often stop or reverse a recent payment.
Warn others
Report the site and share this check with anyone who sent you the link.
Where the score comes from
Strong security setup with a valid SSL certificate, modern TLS, and browser protections like HSTS and Content Security Policy in place. No issues with malware or phishing flags.
The WHOIS record returns no match for this domain, meaning the actual registrant is fully hidden. A legitimate business should have transparent ownership information, especially one that redirects to a Salesforce login page.
The site is not on any blacklists and Google sees no threats, but the domain has no history in the Wayback Machine and no external presence like Trustpilot. A brand new site with no track record is inherently harder to trust.
This site redirects immediately to a Salesforce authentication portal without showing any about page, contact information, or branding beyond a favicon. There is no way to tell who runs this business or how to reach them.
No privacy policy, terms of service, or cookie consent are visible. For a site that directs users to log in (likely a business portal), missing these legal pages is a meaningful gap compared to what customers expect from a legitimate company.
DNS is well-configured with DNSSEC enabled, reliable hosting via Salesforce’s infrastructure, and traffic forced over HTTPS. No email setup, but that is normal for a site that is just a login portal.
What we checked
Think this verdict is wrong?
Site owners can request a fresh scan. Scores update automatically as signals change.