# betux.cc — MALICIOUS

> betux.cc identified as a crypto drainer phishing site; 5/95 VirusTotal detections, mimics crypto platforms to steal digital assets.

## Summary
PhishDestroy identifies betux.cc as an active crypto drainer phishing site with elevated risk and confirmed malicious intent. This domain was flagged by 5 out of 95 VirusTotal security vendors, confirming its use in credential theft and wallet draining campaigns targeting cryptocurrency users. The site employs brand impersonation of legitimate crypto platforms to deceive victims into connecting their digital wallets, where unauthorized transactions are then executed to drain funds.

Technical indicators further substantiate the threat profile of betux.cc. The domain was registered on February 16, 2026, through CNOBIN INFORMATION TECHNOLOGY LIMITED, a registrar known for facilitating anonymity in malicious domain registrations. It resolves to IP address 172.67.167.41, a hosting infrastructure linked to multiple phishing and fraudulent campaigns. Despite using a Google Trust Services SSL certificate, which may lend a false sense of legitimacy, the domain remains actively flagged across security platforms, with no improvement in detection rates since initial identification. The timing of domain creation—less than two months prior to this report—suggests a recent and rapidly evolving threat.

Users and organizations are strongly advised to avoid accessing betux.cc or any subdomains and to immediately block the associated IP and domain on all network and endpoint security systems. If wallet connection was attempted, disconnect immediately and revoke any unauthorized permissions via blockchain explorers or wallet interfaces. Report suspicious domains to cybersecurity teams and financial institutions to prevent further exploitation. Exercise heightened scrutiny when encountering newly registered crypto-related domains, especially those touting exclusive offers or urgent investment opportunities.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-16 11:32:36
- Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
- IP: 172.67.167.41

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3e002d78-7ccb-4dfa-95b2-240efbd35859
- PhishDestroy: https://phishdestroy.io/domain/betux.cc/
- LLM endpoint: https://phishdestroy.io/domain/betux.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/betux.cc/
Last updated: 2026-04-13