# bybit-ru.com — MALICIOUS

> bybit-ru.com is a high-risk phishing domain impersonating Bybit. Avoid interaction and verify official sources to protect your data and assets.

## Summary

PhishDestroy identifies bybit-ru.com as a high-risk brand impersonation domain targeting users of the cryptocurrency exchange Bybit. This type of threat is significant because it aims to deceive users into believing they are interacting with a legitimate platform, potentially leading to credential theft, financial loss, or unauthorized access to sensitive information. Brand impersonation scams like this exploit user trust and can cause severe damage to both individuals and the targeted company's reputation.

Analysis of bybit-ru.com's infrastructure reveals that the domain was created recently on February 21, 2026, and remains active. It resolves to IP address 94.154.35.90 and has been flagged by 15 out of 95 security vendors on VirusTotal, indicating a notable detection rate. Additionally, the domain appears on a security blocklist and has been referenced in four AlienVault OTX threat intelligence pulses, further confirming its malicious activity. The page title, "Bybit | Старт торговли," reinforces its attempt to mimic the authentic Bybit trading platform, making it more convincing to Russian-speaking users.

Users are strongly advised to avoid clicking on links or providing any personal information on bybit-ru.com. Instead, always access Bybit services through official channels and verify URLs carefully. Employing updated security software and enabling multi-factor authentication on legitimate accounts can further mitigate risks. Reporting suspicious domains like bybit-ru.com helps improve collective cybersecurity defenses and protect the broader user community.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Bybit
- Page title: Bybit | Старт торговли

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- IP: 94.154.35.90
- SSL Issuer: R12

## Detection Status

- VirusTotal: 15 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Cluster25", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019bb28a-46ac-70d2-abbe-60b66bc49d7c.png
- PhishDestroy: https://phishdestroy.io/domain/bybit-ru.com/
- LLM endpoint: https://phishdestroy.io/domain/bybit-ru.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bybit-ru.com/

Last updated: 2026-03-19