# cnsqarrlognn.webflow.io — MALICIOUS

> cnsqarrlognn.webflow.io active credential theft campaign flagged by 19/95 VirusTotal vendors. Avoid entering credentials here. Report immediately.

## Summary
PhishDestroy identifies cnsqarrlognn.webflow.io as an active credential theft domain impersonating a legitimate brand to harvest user login details. The elevated risk level stems from its confirmed use in phishing attacks targeting unsuspecting visitors. This domain was flagged by 19 of 95 VirusTotal security vendors, indicating widespread detection of its malicious nature.  This domain resolves to IP 104.18.36.248 and utilizes a Google Trust Services SSL certificate to appear legitimate. The infrastructure aligns with known phishing tactics, leveraging trusted certificate authorities to bypass browser warnings. Notably, the domain operates under Webflow's free hosting service, which has been abused in past campaigns for its low barrier to deployment. While creation date and registrar details are not provided, the combination of high VirusTotal detections and SSL trust score underscores its malicious intent.  Organizations and individuals should block cnsqarrlognn.webflow.io at the network level and educate users to verify URLs before entering credentials. If credentials were entered, users must rotate passwords immediately and enable multi-factor authentication on all associated accounts. Report this domain to your security team or via PhishDestroy's portal to aid in threat intelligence sharing.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4a08d307-3338-4214-9786-598762bb93aa
- PhishDestroy: https://phishdestroy.io/domain/cnsqarrlognn.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/cnsqarrlognn.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cnsqarrlognn.webflow.io/
Last updated: 2026-03-22