# PhishDestroy threat dossier — linebetx.top ================================================================ Fetched: 2026-07-04 02:19:47 UTC Canonical: https://phishdestroy.io/domain/linebetx.top/ ## VERDICT ---------------------------------------------------------------- HIGH THREAT — malicious activity confirmed Composite threat score: 77/100 (PhishDestroy scoring — see methodology below) Targeted brand: Crypto Casino / Gambling ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 14/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, BitDefender, CRDF, CyRadar, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, Lionic, Netcraft, SOCRadar, Sophos AlienVault OTX: 1 pulses (threat-intel feed mentions) Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 172.67.151.165 (CA, Toronto) ASN: AS13335 Cloudflare, Inc. Hosting org: Cloudflare, Inc. Registrar: Global Domain Group LLC Nameservers: brady.ns.cloudflare.com, heidi.ns.cloudflare.com Registered: 2026-07-01 Expires: 2027-07-01 Page title: Linebetx | Decentralized Web3 Gambling Site with Provable Trust HTTP response: 403 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE1 Expires: 2026-09-29 Status: INVALID chain Fingerprint: 61c959da951bdc3a543505e9ba9772ea100123eff421e4c24babae7e3507c45f ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-07-01 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-03 16:43:08 UTC (by PhishDestroy tracker) First reported: 2026-07-03 14:45:33 UTC (abuse notice filed) Last verified: 2026-07-04 04:15:09 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f286e-1b77-70c1-855a-f27b8d878305/ URLQuery: https://urlquery.net/report/85082e66-4e29-4c6d-8914-7c6f4ddb6868 Wayback Machine: https://web.archive.org/web/*/linebetx.top crt.sh CT logs: https://crt.sh/?q=%25.linebetx.top Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=linebetx.top AlienVault OTX: https://otx.alienvault.com/indicator/domain/linebetx.top URLhaus: https://urlhaus.abuse.ch/host/linebetx.top/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-03 16:44:53 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain is flagged for brand impersonation targeting cryptocurrency gambling platforms, specifically mimicking decentralized Web3 betting services. The risk level remains under investigation due to its active status and lack of prior detection, though the infrastructure exhibits characteristics consistent with phishing or fraudulent operations. Analysis indicates the domain poses a potential threat to users seeking legitimate crypto casino services by presenting itself as a trustworthy alternative. Infrastructure analysis reveals the domain linebetx.top was registered on July 01, 2024, through Global Domain Group LLC, a registrar frequently associated with high-risk domains. It resolves to the IP address 172.67.151.165, which is part of a content delivery network known to obscure hosting origins. The SSL certificate is issued by Google Trust Services, providing a veneer of legitimacy, while VirusTotal reports zero detections out of 95 engines, suggesting the domain has not yet been widely flagged. No blocklist entries or trust score degradations were identified at the time of assessment, though the creation date and registrar choice raise concerns about its intent. Mitigation steps for this threat type include monitoring for user reports of financial loss or credential theft linked to this domain. Network defenders should consider blocking or sinkholing the IP address 172.67.151.165 and implementing DNS-based filtering for the domain. Users should be educated to verify gambling platform authenticity by cross-referencing official branding, checking for provable fairness mechanisms, and confirming domain registration details through reputable WHOIS services. Given the domain’s active status and lack of prior detection, continuous monitoring for malicious activity is recommended. [Updates since narrative was generated:] - Public blocklists: now listed on 1 feed ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260703-F6DBFD Favicon MD5: 11c501aa6eca37500e9884a448286f36 TLS cert SHA-256: 61c959da951bdc3a543505e9ba9772ea100123eff421e4c24babae7e3507c45f ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/linebetx.top/ JSON API: https://api.destroy.tools/v1/check?domain=linebetx.top Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 174,417 domains (12,388 alive under monitoring, 161,211 confirmed takedowns/dead). Site: https://phishdestroy.io