# 777lucky9.com — SUSPICIOUS

> 777lucky9.com operates as a crypto drainer phishing site with 0/95 VirusTotal detections. Avoid transactions and report immediately to protect funds and data.

## Summary
PhishDestroy identifies 777lucky9.com as an active crypto drainer phishing domain designed to steal cryptocurrency from unsuspecting victims. The site impersonates legitimate gambling or lottery platforms to trick users into connecting crypto wallets under false pretenses. No specific drainer kit (e.g., Revenger, VenomDrainer) has been publicly attributed to this domain yet, but the modus operandi aligns with common crypto-draining operations observed in recent campaigns. The domain's recent creation and lack of historical reputation suggest it is part of an emerging threat cluster targeting crypto enthusiasts.  

This domain exhibits clear technical indicators of malicious intent. It resolves to IP 18.245.46.47 and is registered through Gname.com Pte. Ltd., with the domain created on November 22, 2025. Despite using an Amazon-issued SSL certificate, VirusTotal currently reports 0/95 detections, indicating it has evaded detection by major antivirus engines. Google Safe Browsing (GSB) status is unconfirmed, and the domain remains unlisted on major blocklists, further highlighting its novelty and low detection coverage. The absence of detections does not equate to safety; rather, it signals a critical window of exposure for potential victims.  

The current status of 777lucky9.com remains active, with no takedown or mitigation actions observed. Security researchers and users are advised to block the domain at the network level and report it to relevant authorities, including Google Safe Browsing and cryptocurrency platform abuse teams. The risk level is classified as 'under_investigation' due to the lack of historical data, but the combination of recent creation, zero detections, and crypto-draining tactics warrants immediate caution. Users engaging with cryptocurrency should verify URLs through trusted sources and avoid interacting with unsolicited links promising 'lucky' rewards or 'exclusive' opportunities.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-22 13:41:37
- Registrar: Gname.com Pte. Ltd.
- IP: 18.245.46.47

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0dea2c3b-a3fd-47d6-b7d8-a62a8d4ffab4
- PhishDestroy: https://phishdestroy.io/domain/777lucky9.com/
- LLM endpoint: https://phishdestroy.io/domain/777lucky9.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/777lucky9.com/
Last updated: 2026-03-24