# cantonlink.app — SUSPICIOUS

> cantonlink.app is a newly active credential harvesting phishing domain registered on Jan 25, 2026, resolving to 216.198.79.1.

## Summary
PhishDestroy identifies cantonlink.app as an active credential harvesting phishing domain. This domain poses a high risk to users through impersonation of legitimate services to steal login credentials. The threat actor operates a deceptive online portal designed to harvest sensitive authentication data under false pretenses, leveraging spoofed branding and social engineering tactics to deceive victims.  This domain exhibits multiple red flags consistent with active phishing infrastructure. Registered through GoDaddy.com, LLC on January 25, 2026, cantonlink.app rapidly deployed with a Let’s Encrypt SSL certificate to appear trustworthy. Hosted at 216.198.79.1, the domain remains undetected across 95 VirusTotal engines (0/95 detections at time of analysis), indicating evasive deployment. This low detection rate increases the likelihood of successful compromise. Analysis indicates this domain is not yet widely listed on major blocklists, allowing it to remain accessible to targeted users during early campaign stages.  Users who have visited cantonlink.app or entered credentials on its pages should immediately change passwords used on that site and enable multi-factor authentication wherever possible. Scan devices for malware using updated antivirus tools and review accounts for unauthorized access. Report the domain to your security team and flag any intercepted credentials to prevent further misuse. Exercise heightened caution with newly registered domains, especially those using recent SSL certificates and low detection rates on VirusTotal, as these are common indicators of emerging phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-01-25 02:33:21
- Registrar: GoDaddy.com, LLC
- IP: 216.198.79.1

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9ffabbd5-a15f-4b23-8364-566ed607f5dd
- PhishDestroy: https://phishdestroy.io/domain/cantonlink.app/
- LLM endpoint: https://phishdestroy.io/domain/cantonlink.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cantonlink.app/
Last updated: 2026-03-26