# lueur-gainlink.com — MALICIOUS

> PhishDestroy identifies lueur-gainlink.com as a credential theft site; flagged by 5/95 VirusTotal vendors and Google Safe Browsing with a December 4, 2025.

## Summary
PhishDestroy identifies lueur-gainlink.com as a verified credential theft page actively harvesting login details. The site mimics legitimate platforms to trick visitors into submitting usernames, passwords, or multi-factor codes, enabling attackers to hijack accounts across services.

This domain was flagged by 5 of 95 VirusTotal security vendors and by Google Safe Browsing as SOCIAL_ENGINEERING. Registered on December 4, 2025 through NETIM, the site resolves to IP 217.60.38.33 and holds a Let’s Encrypt SSL certificate, tactics often used to appear trustworthy while luring victims.

If you visited lueur-gainlink.com, treat any credentials entered as compromised. Log out of all accounts immediately, change passwords using a different device, enable two-factor authentication wherever possible, and scan your system for malware to prevent further unauthorized access.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-04 10:13:34
- Registrar: NETIM
- IP: 217.60.38.33

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cdf9ec89-8491-45e9-baab-115d13fc8624
- PhishDestroy: https://phishdestroy.io/domain/lueur-gainlink.com/
- LLM endpoint: https://phishdestroy.io/domain/lueur-gainlink.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lueur-gainlink.com/
Last updated: 2026-03-22