Is webflow.io a scam?

Our automated security review found no threat indicators on webflow.io. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.

Is webflow.io safe to use?

webflow.io passed our automated security checks with a trust score of 85/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.

Does webflow.io have a valid SSL certificate?

Yes. webflow.io presents a valid TLSv1.3 certificate issued by Amazon · Amazon RSA 2048 M01, expiring in 127 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

Has webflow.io been flagged by antivirus engines?

1 out of 92 antivirus engines in our malware network flagged webflow.io as malicious or suspicious. Even one detection is a meaningful signal.

Is webflow.io on any phishing or malware blacklists?

No. webflow.io is not currently listed on the major browser blocklist feeds that modern browsers use.

Where is webflow.io hosted?

webflow.io resolves to an IP operated by Amazon Data Services Northern Virginia in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

Is webflow.io a well-known website?

Yes. webflow.io sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.

How often is the webflow.io report updated?

This is a permanent record of the scan run on June 16, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around webflow.io have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Security Review

Is webflow.io legit or a scam?

Our verdict:Safe· 85/100

SafeSuspiciousDangerous

Legitimate Webflow platform domain, but criminals exploit it to host phishing sites — verify full URLs before trusting content.

Why we trust it

Domain registered in 2013 and continuously operated for over 13 years by a well-funded, registered US company.Webflow Inc is headquartered in San Francisco with significant venture funding ($140M Series C in 2021) and serves enterprise clients including Dropbox, Verifone, and Lattice.SSL certificate is valid and issued by Amazon; hosting IP has zero abuse reports and a clean reputation score.

webflow.ioScanned 1h ago

Post Facebook

Trust score

SAFE

Heuristics 90·MT 82

Warning signals (2)

1 of 92 engines flagged Redirects to another domain

Positive signals (3)

Not on major blacklists Encrypted connection Clean server reputation

View density

Analysis Summary

Threat Intelligence

1/92

Engines flagged this URL

Domain Age

—

Registration date unknown

MT Intelligence

Safe

Low likelihood · 92% confidence

SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Website Preview

LIVE RENDER

webflow.io

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Low scam likelihoodengineMT · Guardiantrust82/100

MT AgentLive web researchVisual inspection

Confidence

Webflow Inc is a well-funded, registered US company founded in 2013 and headquartered in San Francisco. The webflow.io domain has been registered since 2013 and serves as the official hosting platform for user-created sites. Our antivirus network shows no malicious detections (0/92 engines), valid SSL from Amazon, and clean IP reputation. The evidence package confirms Webflow is a legitimate business trusted by enterprise clients like Dropbox and Verifone. However, the evidence also documents that cybercriminals have increasingly abused Webflow's platform to host phishing pages, fake crypto wallets, and CAPTCHA scams — traffic to such malicious pages increased 10-fold between April and September 2024. This abuse is a platform-wide issue, not a flaw in Webflow's own infrastructure. Users visiting webflow.io directly will reach the legitimate platform, but should be cautious about clicking links to user-created subdomains (*.webflow.io) without verifying the full URL.

Full dossier

Analysis complete

Page Content

The page displays Webflow's official marketing site, describing the platform as 'the agentic web platform for modern businesses' with features for design, CMS, hosting, and AI-powered SEO. The meta description claims the platform is trusted by over 300k teams and offers enterprise-grade security. No login form, countdown timer, or push-notification spam detected. The page loads legitimate external resources from Webflow's own CDN and Google Fonts.

Infrastructure

Hosting IP 13.223.12.144 has zero abuse reports and an abuse score of 0/100. SSL certificate is valid, issued by Amazon, with 127 days remaining. The domain redirects once across domains but shows no homoglyph or internationalized-domain indicators. No suspicious redirect chains detected.

Domain History

webflow.io was registered on 2013-05-08 (over 13 years old) via MarkMonitor, the domain registrar used by many legitimate enterprises. Business registration confirms Webflow Inc is an active, privately held US company founded in 2013, headquartered at 398 11th St, 2nd Floor, San Francisco, CA. The company raised $140M in a 2021 funding round valuing it at $2.1B.

Web Reputation

Independent review sites give positive professional assessments of Webflow's design and CMS capabilities. However, security researchers and threat-intelligence firms have documented a significant spike in phishing pages hosted on Webflow subdomains since mid-2024. This reflects abuse of the platform by external threat actors, not compromise of Webflow's own systems. Webflow maintains abuse-reporting channels and warns users about phishing impersonating the platform.

Risk Factors

Cybercriminals frequently abuse Webflow subdomains to host phishing pages, fake crypto wallets, and CAPTCHA scams — traffic to such pages increased 10-fold from April to September 2024.
Users must verify the full URL of any webflow.io subdomain before entering credentials or payment details, as malicious actors can create convincing fake sites on the platform.
One antivirus engine (alphaMountain.ai) flagged the domain as suspicious, though 91 others did not — likely a false positive given the domain's age and legitimacy.

Positive Signals

Domain registered in 2013 and continuously operated for over 13 years by a well-funded, registered US company.
Webflow Inc is headquartered in San Francisco with significant venture funding ($140M Series C in 2021) and serves enterprise clients including Dropbox, Verifone, and Lattice.
SSL certificate is valid and issued by Amazon; hosting IP has zero abuse reports and a clean reputation score.
Professional reviews on independent sites praise Webflow's design tools, CMS, and security features.
Clean antivirus scan: 0 of 92 engines flagged the domain as malicious; major browser blocklists show no hits.

AI Recommendation

Webflow.io is safe to visit and use for legitimate web design and hosting. However, be cautious when clicking links to user-created sites on webflow.io subdomains — always verify the full URL and check for signs of phishing (mismatched branding, urgent requests for credentials or payment) before entering sensitive information.

Next-gen fraud intelligence

Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for webflow.io, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration

Active · United States

Site traces back to an actively registered business.

Clone check

Not a clone

No well-known site's layout or branding detected here.

Typosquat check

No look-alike match

The domain doesn't resemble any well-known brand's spelling.

Web mentions

4 scam reports · 3 positive

Key findings

7 headline facts from open-web research

webflow.io registered on 2013-05-08 (over 13 years old) via MarkMonitor; official domain for Webflow's free hosting/subdomains.
Webflow Inc is a legitimate, well-funded US company (San Francisco) founded in 2013, serving 300k+ brands including enterprise clients like Dropbox, Verifone, and Lattice.
Webflow platform is frequently abused by cybercriminals to host phishing pages, fake crypto wallet sites, and CAPTCHA scams (10x traffic increase noted Apr-Sep 2024).
Netskope and others recommend checking full URL as phishing sites often end in *.webflow.io.
Mixed user feedback: positive professional reviews for design/CMS capabilities; complaints on Reddit about billing/cancellation and isolated scam warnings in Webflow communities.
Trustpilot page for webflow.io exists with limited reviews (around 13 noted); no major dedicated scam database listings for the core company itself.
Webflow maintains a spam/abuse reporting form and warns users about phishing impersonating their platform or agencies.

Scam reports (4)

Direct quotes from public scam databases, forums, and news.

The Hacker Newsopen
"Researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services"
Netskopeopen
"From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow."
Redditopen
"Webflow is a scam. ... I've tried several times to cancel my Webflow subscription over the last few months by downgrading my website's plan."
LinkedInopen
"A sophisticated phishing campaign exploiting Webflow's Content Delivery Network (CDN) since mid-2024."

Positive reviews (3)

Quotes indicating the site is legitimate.

Crazy Eggopen
"Webflow is a great tool for web designers and developers looking to build websites the same way they've always done, only with half the hassle and twice the power."
Aaron Ward Blogopen
"An Honest Webflow Review (Pros & Cons After 2 Years) ... support with a response time of less than 24 hours which is a perfect backup."
LitExtensionopen
"With fast load times and strong built-in security, Webflow is highly rated for delivering a smooth and safe experience for visitors."

Business registration

Status: active · United States

Webflow Inc, founded 2013, headquartered in San Francisco, CA (398 11th St, 2nd Floor). Privately held software company with significant funding (e.g. $140M round in 2021 valuing at $2.1B).

Research summary

Narrative write-up from our AI analyst, grounded on the facts above

Webflow Inc is a legitimate, 13-year-old San Francisco-based software company founded in 2013 and serving over 300k teams, including enterprise clients like Dropbox and Verifone. Business registration confirms active status with significant venture funding ($140M Series C in 2021). Professional reviews on independent sites praise the platform's design, CMS, and security capabilities.

However, security researchers have documented a significant abuse problem: cybercriminals have increasingly used Webflow's platform to host phishing pages, fake crypto wallets, and CAPTCHA scams. Threat-intelligence firms reported a 10-fold increase in traffic to malicious Webflow-hosted pages between April and September 2024. This reflects external abuse of the platform, not a compromise of Webflow's own infrastructure. Webflow maintains abuse-reporting channels and warns users to verify full URLs before trusting content on webflow.io subdomains.

Mixed user feedback exists: positive professional reviews for design and CMS features; isolated complaints on Reddit about billing and cancellation processes; and security warnings in Webflow communities about phishing impersonating the platform or agencies.

Antivirus Engines

Detection matrix · live

1 engine flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

0Malicious1Suspicious62Harmless92Engines

of 92

alphaMountain.ai

Suspicious· suspicious

1 antivirus engine flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check

Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found

No clear contact details on the page

Emails on site's domainNone

Phone numbersNone

Postal addressPresent

Linked social profiles0

Signal Summary

Several contact red flags

No contact email found anywhere on the page.
No phone number listed on the page.

Postal address visible on the page.

Domain & Encryption

Encryption Certificate

StatusValid

ProtocolTLSv1.3

IssuerAmazon · Amazon RSA 2048 M01

ExpiresOct 21, 2026 (127d)

Self-signedNo

Hosting & Technology

HostingAmazon Data Services Northern Virginia

Server locationUS

PopularityTop 100k worldwide

Redirect Chain

Hops

Cross-domain

Yes

Lookalike

Punycode

1301http://webflow.io/
2200https://webflow.com/cross-domain

Server Reputation

Abuse Intelligence

Confidence score0%

Reports on file0

ISPAmazon Data Services Northern Virginia

Usage typeData Center/Web Hosting/Transit

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

Double-check the exact URL in your address bar
Confirm you are actually on webflow.io and not a lookalike like w-ebflow.io.com or an IDN homoglyph.
Use a password manager
Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.
Discuss this site on the forum
If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

Not listedCheck ↗

VirusTotal

ListedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

cdn.prod.website-files.com webflow.com fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com cdn.intellimize.co api.intellimize.co log.intellimize.co 117761985.intellimizeio.com cdn.jsdelivr.net cdn.jetboost.io developers.webflow.com university.webflow.com help.webflow.com community.webflow.com dhygzobemt712.cloudfront.net validator.schema.org

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

Our automated security review found no threat indicators on webflow.io. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
webflow.io passed our automated security checks with a trust score of 85/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
Yes. webflow.io presents a valid TLSv1.3 certificate issued by Amazon · Amazon RSA 2048 M01, expiring in 127 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
1 out of 92 antivirus engines in our malware network flagged webflow.io as malicious or suspicious. Even one detection is a meaningful signal.
No. webflow.io is not currently listed on the major browser blocklist feeds that modern browsers use.
webflow.io resolves to an IP operated by Amazon Data Services Northern Virginia in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
Yes. webflow.io sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.
This is a permanent record of the scan run on June 16, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around webflow.io have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Trust / 100

Final Verdict·webflow.io

SAFE

Webflow.io is the official hosting domain for Webflow Inc, a legitimate 13-year-old San Francisco software company serving 300k+ teams. The domain itself is clean and well-established; however, the platform is frequently abused by criminals to host phishing pages, so users should verify full URLs carefully.

AV engines

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Safe reports

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.