# lumen-hollow.pages.dev — MALICIOUS

> Avoid lumen-hollow.pages.dev: a high-risk phishing site currently offline. Do not share personal info and ensure your devices are secure.

## Summary
PhishDestroy identifies lumen-hollow.pages.dev as a high-risk phishing domain designed to deceive users into divulging sensitive information. Although currently offline, this domain was recently created and quickly flagged due to its suspicious behavior. Such sites pose serious threats by masquerading as legitimate services, aiming to steal credentials or financial details.

This phishing scheme typically works by presenting fake login pages or urgent prompts to extract private data from unsuspecting visitors. In this case, the domain was registered through Cloudflare and resolved to an IP address now inactive, which suggests swift takedown efforts. The domain appeared in a security blocklist and was detected by multiple security vendors, indicating widespread recognition of its malicious intent.

If someone has visited lumen-hollow.pages.dev, it is critical to avoid entering any personal or financial information. Users should immediately scan their devices for malware, update passwords for potentially compromised accounts, and monitor financial statements for unusual activity. Staying vigilant and relying on trusted security tools can help prevent damage from such phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.152
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["remy.ns.cloudflare.com", "kia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bd6bf-3670-7008-9e1a-fc318512c5d6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9222cce2-70fc-4af4-beb2-063580d8f6c6
- PhishDestroy: https://phishdestroy.io/domain/lumen-hollow.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lumen-hollow.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lumen-hollow.pages.dev/
Last updated: 2026-03-19