# bybitexe.cc — SUSPICIOUS

> Warning: bybitexe.cc impersonates Bybit and is flagged for social engineering. The domain is offline but remain cautious of similar phishing sites.

## Summary
PhishDestroy identifies bybitexe.cc as a medium-risk phishing domain impersonating the cryptocurrency exchange Bybit. This brand impersonation tactic aims to deceive users into divulging sensitive information or credentials, posing a serious risk to personal and financial security. Awareness of such threats is crucial as attackers leverage trusted brand names to enhance credibility.

The domain bybitexe.cc was registered through Dominet (HK) Limited on February 21, 2026, and historically resolved to the IP 172.67.190.52. It has been flagged by Google Safe Browsing for social engineering and appears on at least one security blocklist. VirusTotal analysis revealed 3 out of 95 security vendors detected malicious activity, indicating some recognition of its suspicious nature. Currently, the site is taken offline, reducing immediate risk but users should stay vigilant.

Users are advised to avoid interacting with bybitexe.cc or similar URLs claiming affiliation with Bybit or other financial platforms. Always verify domain authenticity by accessing official websites directly and enabling multi-factor authentication where available. Reporting suspicious sites to authorities and using security tools that flag social engineering threats can further protect against phishing attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Target brand: Bybit
- Page title: bybitexe.cc/

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2027-01-01 00:00:00
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 172.67.190.52
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["gabe.ns.cloudflare.com", "tess.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["alphaMountain.ai", "Forcepoint ThreatSeeker", "SOCRadar"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c4ace-4dbb-71f2-829d-e5008116860d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a02fcf21-bc13-4bb2-8b39-95365a3a02a9
- Wayback Machine: https://web.archive.org/web/https://bybitexe.cc
- PhishDestroy: https://phishdestroy.io/domain/bybitexe.cc/
- LLM endpoint: https://phishdestroy.io/domain/bybitexe.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bybitexe.cc/
Last updated: 2026-03-19