This sucks, I think if you used the genuine URL you will be OK. My concern is that you sent your BTC to a phishing URL (please say it was the genuine website).
That's not enough, if you use non onion websites on Tor,
many exit nodes try to steal your Bitcoin:
They (selectively) remove HTTP-to-HTTPS redirects to gain full access to plain unencrypted HTTP traffic without causing TLS certificate warnings.
That did not happen. The 13 BTC went to the address specified in the genuine website, currently unspent in the blockchain.
I know the site was genuine and the coins went to the correct address.