# PhishDestroy threat dossier — bet613.cc
================================================================

Fetched:   2026-05-17 14:46:34 UTC
Canonical: https://phishdestroy.io/domain/bet613.cc/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 50/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      14/95 security vendors flagged this domain
  Flagging vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, ESET, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, LevelBlue, Lionic, Netcraft, OpenPhish, Sophos, Webroot
URLQuery:        2 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      122.10.20.69 (HK, Hong Kong)
ASN:             AS134548 DXTL Tseung Kwan O Service
Hosting org:     HongKong Service
Registrar:       GoDaddy.com, LLC
Nameservers:     ns1.dnsip.com, ns2.dnsip.com
Registered:      2026-05-11
Page title:      bet365
HTTP response:   200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Let's Encrypt / R13
Expires:    2026-08-10
Status:     INVALID chain
Fingerprint: b44d4a116fcb02766aafbd01194b7061f97c60a133d908ae51c5748c63eb1aa2
Subject Alternative Names (related infrastructure — often same operator):
  - www.bet613.cc

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-05-11 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-05-17 15:22:33 UTC (by PhishDestroy tracker)
First reported:    2026-05-17 12:23:00 UTC (abuse notice filed)
Last verified:     2026-05-17 17:39:32 UTC
Current status:    ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019e35e2-1500-7209-9aa4-9fe11778a644/
URLQuery:         https://urlquery.net/report/f8a3d8e3-05ee-410c-b29d-121187ad0e94
Wayback Machine:  https://web.archive.org/web/*/bet613.cc
crt.sh CT logs:   https://crt.sh/?q=%25.bet613.cc
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=bet613.cc
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/bet613.cc
URLhaus:          https://urlhaus.abuse.ch/host/bet613.cc/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-05-17 15:22:56 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies domain bet613.cc as an active generic phishing site engaged in credential theft campaigns. Threat assessment confirms elevated risk with confirmed malicious activity targeting unsuspecting users through deceptive login portals. Security researchers and end-users should treat this domain as hostile and refrain from any form of interaction.  This domain was flagged by 14 of 95 VirusTotal vendors at the time of analysis, demonstrating significant malicious reputation across multiple detection engines. The domain was registered through GoDaddy.com, LLC and resolves to IP address 122.10.20.69. The SSL certificate issued by Let's Encrypt may be used to lend false legitimacy to phishing pages. Domain creation occurred on May 11, 2026, indicating recent deployment likely targeting current events or trending services. Despite its recent registration, the domain has already attracted attention from security vendors, though trust scores remain critically low due to the absence of legitimate content or verifiable ownership.  The domain remains active and poses a direct threat to users who may be deceived by spoofed login interfaces. Immediate action is recommended: block the domain at network and endpoint levels using DNS filtering or firewall rules targeting 122.10.20.69. Users who may have entered credentials should immediately change passwords on all related accounts and enable multi-factor authentication. Security teams are advised to monitor for any derivatives or subdomains of bet613.cc and report findings to threat intelligence platforms. Exercise heightened scrutiny for any web communications referencing this domain or its associated infrastructure.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260517-68C8B4
Favicon MD5:       7e9409770697f57e612c302a06d85ef7
TLS cert SHA-256:      b44d4a116fcb02766aafbd01194b7061f97c60a133d908ae51c5748c63eb1aa2

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/bet613.cc/
JSON API:          https://api.destroy.tools/v1/check?domain=bet613.cc
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 150,665 domains (28,795 alive under monitoring, 121,587 confirmed takedowns/dead). Site: https://phishdestroy.io