# PhishDestroy threat dossier — bayoubyte.org
================================================================
Fetched: 2026-04-23 14:51:24 UTC
Canonical: https://phishdestroy.io/domain/bayoubyte.org/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 49/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 13/95 security vendors flagged this domain
Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, Chong Lua Dao, CyRadar, ESET, Forcepoint ThreatSeeker, Fortinet, G-Data, Kaspersky, Lionic, Sophos, VIPRE
URLQuery: 3 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 163.61.188.7 (US, Staten Island)
ASN: AS153568 NEW DHAKA HARDWARE
Hosting org: MIT
Registrar: TuringSign Inc. d/b/a Cosmotown
Nameservers: dns1.lytehosting.com, dns2.lytehosting.com, dns3.lytehosting.com, dns4.lytehosting.com, ns1.cprapid.com, ns2.cprapid.com
Registered: 2025-10-02
Page title: BayouByte – Secure Digital Asset Management | BayouByte
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / R13
Expires: 2026-07-14
Status: INVALID chain
Fingerprint: ce3bfbb620276fec20b922e23f6881a89726fe1e63ef754f97c85606698662cc
Subject Alternative Names (related infrastructure — often same operator):
- mail.bayoubyte.org
- www.bayoubyte.org

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.
## TIMELINE
----------------------------------------------------------------
Domain registered: 2025-10-02 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-23 14:09:11 UTC (by PhishDestroy tracker)
First reported: 2026-04-23 11:09:55 UTC (abuse notice filed)
Last verified: 2026-04-23 17:48:44 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019dba06-afd4-731d-b498-9d02bfaa413d/
URLQuery: https://urlquery.net/report/9cb8a706-ea45-4f1e-bbca-1ea687cfd4b5
Wayback Machine: https://web.archive.org/web/*/bayoubyte.org
crt.sh CT logs: https://crt.sh/?q=%25.bayoubyte.org
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=bayoubyte.org
AlienVault OTX: https://otx.alienvault.com/indicator/domain/bayoubyte.org
URLhaus: https://urlhaus.abuse.ch/host/bayoubyte.org/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-23 14:09:40 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies the active credential-phishing domain BayouByte.org as part of an ongoing campaign designed to harvest user login credentials and sensitive personal information. This domain was flagged by 13 of 95 VirusTotal security vendors, raising an elevated risk signal due to its recent creation and active hosting infrastructure. BayouByte.org resolves to IP address 163.61.188.7, is registered through TuringSign Inc. d/b/a Cosmotown, and was created on October 2, 2025. The domain operates under a Let's Encrypt SSL certificate, enhancing its appearance of legitimacy while concealing malicious intent.
Current telemetry confirms active phishing pages hosted on this domain, targeting users with spoofed login interfaces. Risk remains elevated as the infrastructure is newly established and lacks historical trust. To mitigate exposure, organizations and individuals are advised to block 163.61.188.7 at the network perimeter and disable access to BayouByte.org via DNS filtering. Users who may have entered credentials are urged to reset passwords immediately and enable multi-factor authentication on all relevant accounts.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260423-AF7447
Favicon MD5: edd05a7f2e62bcc1a5c583588d2d4d38
TLS cert SHA-256: ce3bfbb620276fec20b922e23f6881a89726fe1e63ef754f97c85606698662cc

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged.
A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/bayoubyte.org/
JSON API: https://api.destroy.tools/v1/check?domain=bayoubyte.org
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains.
Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io