# funspin789.org — SUSPICIOUS

> funspin789.org hosts a generic phishing page flagged under investigation with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies funspin789.org as a recently activated domain engaged in generic phishing activity, currently under investigation for potential crypto drainer deployment. The page impersonates a casual gaming portal, luring users with the promise of 'fun spins' or prizes while surreptitiously harvesting cryptocurrency wallet credentials. No specific drainer kit signatures have been extracted from available samples, but the infrastructure layout and SSL certificate acquisition strongly suggest opportunistic fraud rather than targeted brand impersonation.  This domain was flagged by PhishDestroy on September 29, 2025, the same day it was created. It resolves to IP 104.18.15.115 and is registered through Dynadot Inc. The SSL certificate is issued by Let's Encrypt, providing a false sense of legitimacy. As of this report, VirusTotal shows 0 detections out of 95 scanners, indicating it remains undetected by most security vendors. It has not been blocked by Google Safe Browsing and has not yet appeared on any public blocklists, placing it at the initial stages of malicious campaign deployment.  As of today, funspin789.org remains active and under live investigation by multiple threat intelligence teams. Users are advised to avoid visiting or interacting with this domain. Security teams should block the domain at the network level and monitor for outbound connections to 104.18.15.115. While detection coverage is currently low, rapid escalation is expected as more samples are analyzed and signature-based defenses are updated. Remaining risk is assessed as high due to active hosting, unblocked status, and potential for rapid drainer toolkit deployment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-29 12:57:03
- Registrar: Dynadot Inc
- IP: 104.18.15.115

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d3f0d1e7-2ed1-4758-9b12-f46d8d9c7a66
- PhishDestroy: https://phishdestroy.io/domain/funspin789.org/
- LLM endpoint: https://phishdestroy.io/domain/funspin789.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/funspin789.org/
Last updated: 2026-03-24