# bybitloginnn.gitbook.io — MALICIOUS > PhishDestroy flags bybitloginnn.gitbook.io as a crypto drainer impersonating Bybit. 10/95 security vendors detected malware. Verify safety before clicking. ## Summary PhishDestroy identifies bybitloginnn.gitbook.io as an active brand impersonation domain specifically designed to deceive users into surrendering Bybit login credentials. This domain mimics the official Bybit login experience to harvest private keys, 2FA codes, or API tokens, enabling direct theft from cryptocurrency wallets or exchange accounts. The threat is classified as elevated due to its targeted impersonation of a major exchange and the presence of a crypto drainer payload, which automatically transfers funds upon authentication. This domain was flagged by PhishDestroy with concrete technical indicators: VirusTotal detected malicious content with 10 out of 95 security vendors flagging the domain; it was registered through Cloudflare, Inc.; and the SSL certificate was issued by Google Trust Services. Additionally, this domain resolves to IP 104.18.40.47 and was created on March 30, 2014, indicating long-term availability for malicious use. The combination of high-risk impersonation, partial detection by security tools, and sustained hosting infrastructure elevates the risk profile for unsuspecting users. If you visited bybitloginnn.gitbook.io, immediately revoke any connected API keys or permissions on your Bybit account, disable 2FA, and transfer assets to a cold wallet. Do not enter any credentials or allow wallet connections. Use PhishDestroy’s verification tool to confirm the legitimacy of any Bybit-related link before interaction. Report the domain to Bybit’s abuse team and your local cybercrime unit if fraudulent activity occurred. Always access Bybit exclusively through its verified domains (bybit.com) or official app channels. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Bybit ## Domain Intelligence - Registered: 2014-03-30 06:09:09 - Registrar: Cloudflare, Inc - IP: 104.18.40.47 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/92687cae-e611-4307-bc23-99e20ddfea45 - PhishDestroy: https://phishdestroy.io/domain/bybitloginnn.gitbook.io/ - LLM endpoint: https://phishdestroy.io/domain/bybitloginnn.gitbook.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bybitloginnn.gitbook.io/ Last updated: 2026-04-12