# PhishDestroy threat dossier — tettt.busines-help-center.com
================================================================
Fetched: 2026-05-19 04:21:16 UTC
Canonical: https://phishdestroy.io/domain/tettt.busines-help-center.com/

## VERDICT
----------------------------------------------------------------
ACTIVE THREAT — multiple warning signs
Composite threat score: 56/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 20/95 security vendors flagged this domain
Flagging vendors: ADMINUSLabs, BitDefender, ESET, Emsisoft, Fortinet, G-Data, Kaspersky, LevelBlue, Mimecast, Netcraft, OpenPhish, Seclookup, Sophos, Webroot
URLQuery: 2 detections

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 172.66.0.96 (CA, Toronto)
ASN: AS13335 Cloudflare, Inc.
Hosting org: Cloudflare, Inc.
Registrar: Gransy, s.r.o.
Nameservers: ns.gransy.com, ns2.gransy.com, ns3.gransy.com, ns4.gransy.com, ns5.gransy.com
Registered: 2026-05-07
Page title: Accounts Centre
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Google Trust Services / WE1
Expires: 2026-08-16
Status: INVALID chain
Fingerprint: 5d0e57b8fff57ab2f04540e75eb93b0ca01af3deff62d8d5a0c76d47b97fda34

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.
## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-05-07 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-05-19 03:38:55 UTC (by PhishDestroy tracker)
First reported: 2026-05-19 00:39:59 UTC (abuse notice filed)
Last verified: 2026-05-19 07:20:40 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019e3daa-6c8e-7367-ad94-8f5e9c1da333/
URLQuery: https://urlquery.net/report/5cf9c3b7-bfc0-42fd-a932-a42e5d9b5741
Wayback Machine: https://web.archive.org/web/*/tettt.busines-help-center.com
crt.sh CT logs: https://crt.sh/?q=%25.tettt.busines-help-center.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=tettt.busines-help-center.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/tettt.busines-help-center.com
URLhaus: https://urlhaus.abuse.ch/host/tettt.busines-help-center.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-05-19 03:39:34 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies the domain tettt.busines-help-center.com as an active crypto drainer currently leveraging phishing tactics to deceive users. This threat is classified under generic phishing with an elevated risk level, indicating ongoing malicious activity designed to siphon cryptocurrency assets. The domain is actively resolving and poses an immediate risk to individuals or entities interacting with it.

PhishDestroy’s analysis of this domain reveals multiple red flags: it is flagged by 14 of 95 VirusTotal security vendors, raising significant concerns regarding its legitimacy.
The domain was registered through Gransy, s.r.o., and resolves to IP address 172.66.0.96. Registered on May 07, 2026, this domain benefits from an SSL certificate issued by Google Trust Services, which may lend an air of authenticity to unsuspecting users. Despite its recent registration and deceptive appearance, the domain lacks trustworthiness, with a low blocklist count and minimal reputation across threat intelligence platforms.

Given the active status of this crypto drainer, PhishDestroy strongly advises users to avoid interacting with tettt.busines-help-center.com under all circumstances. Organizations and individuals should review network logs for any connections to the associated IP address 172.66.0.96 and block this domain at the firewall level. Users who may have already engaged with the domain should conduct a thorough audit of their cryptocurrency wallets and revoke any unauthorized permissions.

For further investigation or to verify the legitimacy of a domain, PhishDestroy’s tools and threat intelligence database provide critical insights. Staying vigilant and leveraging real-time threat detection resources are essential to mitigating the risks posed by emerging phishing campaigns.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260519-80821F
TLS cert SHA-256: 5d0e57b8fff57ab2f04540e75eb93b0ca01af3deff62d8d5a0c76d47b97fda34

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/tettt.busines-help-center.com/
JSON API: https://api.destroy.tools/v1/check?domain=tettt.busines-help-center.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 151,368 domains (36,783 alive under monitoring, 114,305 confirmed takedowns/dead).
Site: https://phishdestroy.io