# kerkanlogixn.webflow.io — SUSPICIOUS

> kerkanlogixn.webflow.io hosts an active invoice-themed phishing scam. VirusTotal flags 4/95 vendors. Check the full report.

## Summary
PhishDestroy identifies a live phishing page hosted at kerkanlogixn.webflow.io that impersonates a legitimate invoice portal in an attempt to harvest payment credentials. The site uses SSL encryption via Google Trust Services (GTS CA 1C3) to appear authentic, resolving to IP 172.64.151.8. Scans by VirusTotal show only 4 out of 95 security engines currently detect the threat, leaving many users unprotected if relying solely on automated tools.

This domain was flagged on March 12, 2024, by PhishDestroy’s crawlers within hours of activation, and was registered through Cloudflare, Inc. with a two-year lifespan beginning February 29, 2024. Analysis indicates the campaign is part of a broader trend using Webflow subdomains to bypass traditional email security filters, leveraging legitimate hosting services to deliver convincing invoice spoofs with embedded credential-harvesting forms.

If you or your employees have interacted with this domain—especially entering any login or payment information—immediately lock the affected account, rotate passwords using a separate device, and scan all connected systems for malware. Report the incident to your finance team and consider enabling multi-factor authentication on all payment portals. Forward any suspicious emails to your SOC for deeper inspection, and block both the domain and IP at your firewall.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e044aaa2-2d4f-49d8-9bd9-a2086f13f50c
- PhishDestroy: https://phishdestroy.io/domain/kerkanlogixn.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kerkanlogixn.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kerkanlogixn.webflow.io/
Last updated: 2026-04-13