# cnsqarrlogzn.webflow.io — MALICIOUS > PhishDestroy identifies cnsqarrlogzn.webflow.io as an active credential-stealing phishing site. 18 out of 95 VirusTotal engines already flag it. ## Summary This domain is a live credential-harvesting phishing site designed to trick visitors into entering usernames, passwords, or payment details. The page is hosted on Webflow’s infrastructure and its SSL certificate is issued by Google Trust Services, which may make it seem legitimate at first glance. The domain resolves to IP 172.64.151.8, but this is only superficial cover; the underlying purpose is to steal sensitive information under false pretenses. PhishDestroy flagged cnsqarrlogzn.webflow.io after 18 of 95 participating VirusTotal security engines returned a positive detection for credential phishing. The domain was registered via Webflow and activated recently, leveraging the platform’s legitimate appearance to evade initial suspicion. Attackers often register look-alike subdomains on reputable services to bypass traditional filters and exploit the trust users place in well-known brands. If you visited cnsqarrlogzn.webflow.io, immediately close the tab and avoid entering any information. Scan your device for malware and change passwords that may have been exposed. Report the domain to your security team or use PhishDestroy’s lookup tool to alert others. Do not rely on the SSL padlock alone; verify domains carefully before entering credentials. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 18 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a02db82e-f8ce-4849-8ce0-ad1ad1609a9c - PhishDestroy: https://phishdestroy.io/domain/cnsqarrlogzn.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/cnsqarrlogzn.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cnsqarrlogzn.webflow.io/ Last updated: 2026-03-23