Lovable.dev (Domain) Investigation Report
Generated on Oct 6, 2025
Why do we think so?
Quick take: lovable.dev is a high‑traffic AI app builder (tens of millions of monthly visits) with a verified company presence in Stockholm and recent high‑profile press coverage. ⚠️ At the same time, multiple security researchers and news outlets document large‑scale abuse of the platform — criminals have used Lovable to spin up phishing pages that steal credentials and drain crypto wallets. The site itself is not flagged by Google Safe Browsing and shows standard security/verification records, but the abuse risk means you should treat any site built on this platform cautiously and verify the destination before entering credentials or payments.
Risk Insights
High scale, real company — but abused for phishing
- Lovable.dev shows real company signals: funding coverage, Google Places listing, and strong web traffic (~21M/month).
- Security researchers and Proofpoint documented thousands of malicious URLs built on the platform.
- Treat pages hosted on this platform like third‑party content; verify origin before trusting credentials or payments.
Red Flags & Warnings
- Security researchers report widespread abuse: Lovable has been used to create phishing and crypto‑draining pages at scale.
- User complaints about lost credits, disappearing projects, and platform glitches that can cause indirect financial harm to customers.
- Public legal disputes with established vendors (Figma cease‑and‑desist) increase operational risk and regulatory scrutiny.
Detailed Checks & Insights
0-100 Scale
Domain tech & infrastructure (similartech v1)
Score: 85
"Presence of Stripe verification and multiple google-site-verification TXT records indicates a maintained production site with payment and verification integrations."
Reason: Modern stack detected (Cloudflare, AWS, Stripe, Google Analytics), HTTPS present and multiple verification TXT records.
Traffic volume & engagement (similar web api v1)
Score: 88
"High engagement and traffic rank (~2,500 globally) are strong trust signals for platform scale."
Reason: SimilarWeb reports ~21M monthly visits, strong pages/visit and time on site indicating widespread legitimate usage.
Traffic stats / competitor data (website traffic stats v1)
Score: 30
"One source lacked data; use SimilarWeb/SimilarTech for the traffic picture instead."
Reason: Requested traffic dataset returned no data, leaving a visibility gap for some analytics.
Contact details & social presence (website contacts scraper v1)
Score: 80
"No public phone number found in scraped contacts, but emails and social links are consistent with a SaaS vendor."
Reason: Published support and sales emails plus multiple social profiles (Twitter, LinkedIn, Instagram, Facebook) provide clear contact paths.
WHOIS / DNS / SSL checks (whois dns ssl v1)
Score: 85
"Certificate validity window and DNS setup are normal for a production SaaS site; TTLs and NS records point to Cloudflare protection."
Reason: Valid SSL certificate, Cloudflare nameservers, SPF/MX records and verification TXT records observed.
Trademark search (uspto trademark search v1)
Score: 70
"Absence from USPTO registry does not prevent private cease‑and‑desist actions; monitor for ongoing filings."
Reason: No direct USPTO trademark matches for the queried term, but public brand disputes (Figma) exist in press.
Crypto scam blacklist (crypto scam sniffer v1)
Score: 75
"Platform has been used to host crypto‑draining scam pages, but the domain itself is not currently listed on this blacklist."
Reason: Domain not found on the supplied crypto scam blacklist.
Google Safe Browsing (google safe browsing v1)
Score: 78
"Safe Browsing not flagging the domain is useful, but it does not prevent malicious subdomains or hosted pages from being abused."
Reason: No matched threats in the provided Safe Browsing results.
Maps listing & reviews (google places v1)
Score: 80
"A verified place listing is a meaningful identity signal for company legitimacy."
Reason: Google Places shows a physical address in Stockholm with a 4.3 rating and ~239 reviews.
News & security reporting (google news v1 / perplexity questions v1)
Score: 40
"High‑visibility funding and press (TechCrunch) coexist with security research documenting large‑scale malicious use of the platform."
Reason: Multiple articles detail both rapid growth/funding and security abuse; the abuse reports are material and lower overall trust.
Your Next Steps
1. When you encounter a site claiming to be a known brand, verify the URL carefully (look for exact domain, certificate details, and official vendor links) before entering credentials or connecting wallets.
2. Avoid entering payment or wallet keys on pages you did not reach from an official vendor domain; prefer bookmarked or search‑verified links.
3. If you see a suspicious site hosted on lovable.dev, report it to Lovable (support@lovable.dev) and to Google Safe Browsing; collect screenshots and the exact URL.
4. For businesses: monitor for impersonations, register key trademarks, and set up automated takedown/monitoring (proofing WHOIS, brand alerts, and abuse reporting contacts).
5. If you purchased credits and lost access or funds, contact support@lovable.dev and your payment provider immediately and file a report with local law enforcement if financial theft occurred.
Key Evidence & Citations
- Lovable becomes a unicorn with $200M Series A just 8 months after launch
  ⤷ Major press coverage and funding announcement showing business traction.
- Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
  ⤷ Security researcher findings describing platform abuse for phishing.
- SimilarWeb domain analytics for lovable.dev (visits, rank, engagement)
  ⤷ Traffic metrics: ~21M visits and engagement stats used to assess scale.
- WHOIS / DNS / SSL records for lovable.dev
  ⤷ Observed HTTPS certificate, Cloudflare nameservers, SPF/MX entries and Stripe verification TXT records.
- Google Places listing: Lovable — Tunnelgatan 5, Stockholm
  ⤷ Physical listing with rating and location — supports a verifiable company presence.
- Security reporting and investigations summarised (research & user complaints)
  ⤷ Examples of phishing campaigns and Proofpoint analysis referenced in aggregated search results.