# coeensquarelogin.webflow.io — MALICIOUS

> Beware of coeensquarelogin.webflow.io, a high-risk phishing site targeting credentials. Stay informed and protect your data from this active threat.

## Summary
PhishDestroy has identified coeensquarelogin.webflow.io as a credential phishing domain actively targeting users to steal login information. Classified under credential_phishing, this domain mimics legitimate login portals to deceive victims into surrendering sensitive credentials. The unique seed 981b58 underpins the analysis, supporting detailed tracking and differentiation from similar threats.

Technical investigations reveal that coeensquarelogin.webflow.io resolves to the IP address 172.64.151.8 and is hosted on the Webflow platform, which is sometimes abused by attackers for phishing due to ease of deployment. VirusTotal scans indicate that 10 out of 95 security vendors have flagged this domain, confirming its malicious nature though not universally detected. The use of a subdomain and a reputable hosting service suggests an attempt to appear legitimate and bypass casual inspection.

Currently, coeensquarelogin.webflow.io remains active and poses a high risk to users who may encounter it. PhishDestroy recommends immediate blocking and cautious handling of any interaction with this domain. Security teams and end-users should update filters and educate about this threat. Ongoing monitoring is essential to track any infrastructure changes or new phishing campaigns linked to this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Coinsquare Login | Your Trustworthy Crypto Exchange

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8
- Nameservers: NS_NOT_FOUND

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "ESET", "Emsisoft", "Fortinet", "LevelBlue", "Lionic", "Netcraft", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019d0373-2192-7675-8bc0-22ee5483720b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/07800440-0400-4553-bc04-dfee60ad4a97
- PhishDestroy: https://phishdestroy.io/domain/coeensquarelogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/coeensquarelogin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coeensquarelogin.webflow.io/
Last updated: 2026-03-19