# lluuxxa6238.cfd — SUSPICIOUS

> lluuxxa6238.cfd is a live crypto drainer phishing domain flagged by 0/95 VirusTotal vendors with a Let's Encrypt SSL certificate. Investigate now.

## Summary

The PhishDestroy threat intelligence team has identified lluuxxa6238.cfd as an active crypto drainer campaign under investigation. The domain is currently flagged by Google Safe Browsing for SOCIAL_ENGINEERING tactics and remains unblocked by most security vendors, posing a moderate but evolving risk to cryptocurrency users. This domain is not yet widely recognized as malicious, but its recent registration and infrastructure choices suggest an emerging threat vector requiring immediate attention.

This domain was flagged by Google Safe Browsing for SOCIAL_ENGINEERING and currently shows 0 detections out of 95 VirusTotal vendors, indicating a low initial detection rate despite suspicious infrastructure. It resolves to IP 163.181.214.4 and was registered through Aceville Pte. Ltd. on March 26, 2026. The domain uses a Let's Encrypt SSL certificate to enhance legitimacy, a common tactic among crypto drainer operators to bypass browser warnings. Trust scores are not yet available, but the combination of recent registration, low detection rates, and active status suggests this is an early-stage campaign with potential for rapid expansion.

Current status indicates active operation with limited blocking, making this domain a high-priority target for security teams and cryptocurrency platforms. Organizations should monitor lluuxxa6238.cfd for related indicators, block the domain at DNS and network levels, and review SSL certificate issuance patterns from Let's Encrypt for similar domains. Users should avoid interacting with this domain, verify all crypto transaction URLs manually, and report any suspicious activity to their security teams. Immediate defensive action is recommended due to the domain's active status and low initial detection rate.
## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-26 11:11:13
- Registrar: Aceville Pte. Ltd.
- IP: 163.181.214.4

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/32b25e9a-87e2-42ce-ab37-bb6146ac17e2
- PhishDestroy: https://phishdestroy.io/domain/lluuxxa6238.cfd/
- LLM endpoint: https://phishdestroy.io/domain/lluuxxa6238.cfd/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lluuxxa6238.cfd/

Last updated: 2026-03-28