# kreqenlogin.webflow.io — MALICIOUS

> Beware of kreqenlogin.webflow.io, a credential phishing site recently taken offline. Learn how it works and protect your login info now.

## Summary

PhishDestroy identifies kreqenlogin.webflow.io as a credential phishing domain posing a medium-level risk. Although currently offline, this site was designed to steal user login credentials by masquerading as a legitimate service. Visitors to this domain faced the danger of having sensitive information, such as usernames and passwords, captured by cybercriminals for malicious use.

This phishing operation employed deceptive tactics, likely presenting fake login forms to trick users into providing personal credentials. The domain was relatively new, created on March 12, 2026, and appeared on two security blocklists. VirusTotal flagged it with 9 security vendors detecting suspicious activity. The domain resolved to IP 172.64.151.8 before being taken offline, showing it was active long enough to concern security researchers.

If someone visited kreqenlogin.webflow.io, it is critical to immediately change any passwords entered on the site and monitor accounts for unusual activity. Users should also be cautious with any emails or messages that directed them to this domain and enable multi-factor authentication where possible to enhance account security. Staying informed and vigilant helps prevent falling victim to credential phishing attempts like this one.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: 404 - Page not found

## Domain Intelligence

- Registered: 2026-03-12 19:07:01
- IP: 172.64.151.8
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 9 vendors flagged
  - Vendors: ADMINUSLabs, ChainPatrol, alphaMountain.ai, Chong Lua Dao, CyRadar, Emsisoft, Fortinet, Netcraft, Webroot
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: PhishDestroy, MetaMask

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ce343-176c-71f9-8896-83c768a5e6b3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d6c146fb-673a-4f7e-82cb-317cedb3b2b0
- PhishDestroy: https://phishdestroy.io/domain/kreqenlogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kreqenlogin.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kreqenlogin.webflow.io/

Last updated: 2026-03-19