# coinsquaareelogi.webflow.io — SUSPICIOUS

> coinsquaareelogi.webflow.io impersonates a crypto exchange to steal credentials. Blocked by OpenPhish, it’s hosted on 172.64.151.

## Summary
PhishDestroy identifies coinsquaareelogi.webflow.io as a live cryptocurrency phishing page that mimics a legitimate exchange to harvest user credentials. The domain is configured on Webflow’s infrastructure, resolving to IP 172.64.151.8, and already appears on two public blocklists including OpenPhish and OISD. With zero antivirus engines flagging it on VirusTotal, the threat remains undetected by many security tools, underscoring the need for user vigilance and layered defenses.

This domain was flagged by PhishDestroy on 2024-06-15 after security researchers observed it distributing fake “account upgrade” links via phishing emails. VirusTotal’s latest scan shows 0 detections out of 95 engines, indicating minimal coverage by signature-based detection. The SSL certificate is issued by Google Trust Services, giving the site a false sense of legitimacy. Registrar data and creation timestamps were not disclosed in public feeds, but the domain structure and hosting pattern suggest a recent campaign targeting crypto investors.

If you visited coinsquaareelogi.webflow.io, immediately cease entering any credentials or personal information. Close the browser tab and clear cached data for that site. Scan your device with updated antivirus software. Rotate any reused passwords, especially for cryptocurrency exchanges or wallets. Report the incident to your security team and consider revoking any API keys exposed on the page. Monitor financial accounts and crypto balances for unauthorized transactions. If you entered login details, revoke session tokens and enable two-factor authentication on all related accounts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/coinsquaareelogi.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/coinsquaareelogi.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/coinsquaareelogi.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinsquaareelogi.webflow.io/
Last updated: 2026-04-04