# bybit-mw.com.cn — SUSPICIOUS

> bybit-mw.com.cn hosts a fake Bybit login page designed to steal crypto. Verify on PhishDestroy before clicking. VT: 0/95 detections as of seed 16e81c.

## Summary
PhishDestroy identifies domain bybit-mw.com.cn as a live phishing site impersonating the cryptocurrency exchange Bybit. The page is a fraudulent login portal intended to harvest user credentials and seed phrases, matching the brand’s real login flow to deceive visitors. Categorized as brand_impersonation with a crypto drainer kit embedded, the domain is currently classified as active and under investigation for further malicious payloads.  bybit-mw.com.cn exhibits several red flags: it resolves to IP 154.216.119.25 and uses a Let’s Encrypt SSL certificate. VirusTotal currently shows 0/95 detections (seed 16e81c), indicating low signature detection despite active abuse. The domain was likely registered recently for this campaign, lacks widespread blocklisting, and remains unflagged by Google Safe Browsing (GSB status: clean). Historical WHOIS data may reveal rapid domain rotation typical of crypto drainer operations.  This domain is active and poses a HIGH immediate risk to Bybit users. PhishDestroy continues to monitor and blocklist bybit-mw.com.cn as new IOCs emerge. Users are advised to verify any Bybit-related links using PhishDestroy and avoid entering credentials or seed phrases on untrusted domains. Remaining risk includes potential expansion into broader phishing kits or malware delivery. Immediate mitigation involves DNS sinkholing and certificate revocation where applicable.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bybit

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 154.216.119.25

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/bybit-mw.com.cn
- PhishDestroy: https://phishdestroy.io/domain/bybit-mw.com.cn/
- LLM endpoint: https://phishdestroy.io/domain/bybit-mw.com.cn/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bybit-mw.com.cn/
Last updated: 2026-04-07