# logon-ledgiilliive.webflow.io — MALICIOUS

> Website logon-ledgiilliive.webflow.io is an active Microsoft 365 login phishing page detected by 18 VirusTotal scanners. Check the full report.

## Summary
PhishDestroy identifies logon-ledgiilliive.webflow.io as an active credential-harvesting page masquerading as a Microsoft 365 login portal. When users enter their email and password, the data is immediately transmitted to servers controlled by the attackers, giving them full access to corporate or personal accounts. This domain was registered on 2024-06-12 via Google Domains and resolves to IP 104.18.36.248. The attack leverages Webflow’s legitimate hosting platform to appear benign while hosting a near-identical replica of Microsoft’s official login UI.


This domain was flagged by 18 of 95 VirusTotal security vendors within 24 hours of its creation and still carries a valid Google Trust Services SSL certificate. The benign-looking certificate and Webflow hosting make the page more convincing to non-technical users. The combination of a newly created domain, low VT detection rate, and trusted certificate infrastructure is typical of fast-moving phishing campaigns designed to bypass automated filters and harvest credentials before takedown.


If you visited logon-ledgiilliive.webflow.io, immediately change the password you entered and enable multi-factor authentication on all accounts that share the same credentials. Scan your device with an up-to-date antivirus suite and review sign-in logs in your Microsoft 365 admin center for any unauthorized access. Report the domain to your IT security team and consider revoking any saved sessions or tokens issued during the visit. Forward the full URL to PhishDestroy’s submission portal so the page can be added to browser blocklists within hours.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c833571c-054e-4958-9043-0d9f5bd03fd4
- PhishDestroy: https://phishdestroy.io/domain/logon-ledgiilliive.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/logon-ledgiilliive.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/logon-ledgiilliive.webflow.io/
Last updated: 2026-03-29