mass.report
Scan Intelligence Report0/100
critical Risk
1kx.in
http://1kx.in/gB5PUp
IP
13.204.27.94 · AWS EC2 (ap-south-1)
Location
Mumbai, India
Domain Age
2817 days
HTTP
200 · 53.7s
SSL
Valid· SSL.com RSA SSL subCA, SSL Corporation, US
Status
COMPLETED
Redirect Chain (6 hops)
302http://1kx.in/gB5PUp
302https://dc.1kx.in/gB5PUp?domain=1kx.in&requestHost=172.20.140.198&ipaddr=141.11.126.123
302https://dc.1kx.in/gB5PUp?domain=1kx.in&requestHost=172.20.140.198&ipaddr=141.11.126.123&redirect=true
302https://nnyagency.g2afse.com/click?pid=68&offer_id=346&sub4=AU_45562323_60278
302https://visitygo.io/7jZssN?c=0672uXCAfQTagn9d895096fb5eb28d&clickid=69e20b9c811a6400012fdedb&utm_campaign=68
302https://luckyspy.com/sign-up?promo=0672uXCAfQTagn9d895096fb5eb28d&utm_source={utm_source}&utm_campaign=68&utm_medium={utm_medium}&utm_content={utm_content}&utm_term={utm_term}&clickid=69e20b9c811a6400012fdedb&pid={pid}&saff_id={saff_id}&http_referer={http_referer}
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
LuckySpy Casino
Vendors
28/30
Status
partial
✓ brightcloud✗ bitdefender✓ microsoft✗ norton✓ urlquery✓ yandex✓ polyswarm✓ eset✓ drweb✓ avast✓ avg✓ apwg✓ urlscan✓ sophos✓ phishreport✓ apple✓ cisa✓ netcraft✓ isitphish✓ emsisoft✓ openphish✓ spamhaus✓ phishtank✓ virustotal✓ kaspersky✓ urlabuse✓ threatyeti✓ mcafee✓ google✓ fortiguard
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
LuckySpy Casino
Unknowngambling · 4/29/2026
Summary
The scanned domain 1kx.in redirects to luckyspy.com which presents LuckySpy Casino branding. The page contains a login form and password field, but the visual evidence and URL paths indicate the site is a third-party gambling/affiliate/abuse platform rather than an official Lucky Spy casino domain. The domain 1kx.in is a typosquat-like domain that redirects to luckyspy.com, but the page itself appears to be LuckySpy’s own site rather than an impersonation of another brand. No clear credential harvesting or malware delivery found beyond typical login UI; however, the presence of a sign-up modal and tracking endpoints suggests potential data collection behavior consistent with an affiliate/chat widget integration.
Evidence Summary
▸Observed 3 capture stage(s); canonical stage is late_render_3s.
▸Canonical stage contains password collection UI.
▸POST targets observed during capture: https://luckyspy.com/btag/visitor?brandId=luckyspy, https://luckyspy.com/btag/guest-page-view/HYBRID-62925a04-3a48-11f1-8a10-0242ac120004?brandId=luckyspy, https://luckyspy.com/pre-chat/api/ask/get-setting.
▸Distinctive asset clues: yii.js, webpush.js, iconfont.css, app.css, 699c2dbabf9df851167781.png, logo_dark.svg.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 1
Password fields: 1
Late-stage login UI: No
Resource Signals
Resources: 170
Hosts: 10
Domains: 9
Suspicious Endpoints
hxxps://luckyspy[.]com/pre-chat/api/ask/get-setting
hxxps://luckyspy[.]com/en/sign-up
Observed Signals (1)
Typosquatting-related domain used as a gateway (1kx.in) with final landing on LuckySpy branding
Observed Indicators (0)
No suspicious indicators identified
Risk AssessmentUsed in abuse reports
The domain 1kx.in is a typosquatted gateway that redirects to luckyspy.com, which is a legitimate-looking LuckySpy Casino page with login UI and affiliate/tracking endpoints. This pattern is consistent with credential harvesting risk when a typosquat points to a brand’s landing page; combined with password field presence and sign-up modal, there is potential for user data collection if login actions are captured by LuckySpy’s scripts. However, the page ultimately appears to be a LuckySpy property rather than a seamless impersonation of a different brand. Recommend monitoring and verification of domain ownership and UX targeting; consider phishing risk due to typosquatting and potential credential collection via the sign-up/login surface.
Recommended Action
Monitor
Cross-Reference9
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API