# bybittt.com.cn — SUSPICIOUS > bybittt.com.cn impersonates Bybit with a crypto drainer kit. VT score 0/95, registered March 26, 2026. Verify on PhishDestroy now. ## Summary PhishDestroy identifies bybittt.com.cn as an active brand impersonation domain targeting Bybit users, with a newly flagged crypto drainer kit embedded in the platform. The domain registered on March 26, 2026, and resolves to IP 154.216.106.254, currently masquerading as the legitimate Bybit exchange. Security analysis confirms the presence of a sophisticated fake login system designed to harvest wallet credentials and execute unauthorized crypto transfers. This drainer kit operates through a mirrored interface, tricking users into entering sensitive account information that is intercepted and used to drain funds across multiple blockchain networks. Initial traffic analysis suggests the domain is being promoted through fraudulent advertisements and phishing campaigns targeting Bybit users searching for trading or exchange services. The domain bybittt.com.cn exhibits multiple high-risk technical indicators confirmed by independent analysis. VirusTotal currently returns a scan score of 0/95 detections, indicating no immediate detection by most antivirus engines, likely due to the recent deployment of the drainer kit. The domain is registered through PDR Ltd. d/b/a PublicDomainRegistry.com, a registrar known to host high volumes of fraudulent domains. Infrastructure analysis reveals the domain resolves to IP 154.216.106.254, which is associated with previous crypto-related fraud campaigns. The domain was created on March 26, 2026, suggesting a very recent deployment designed to capitalize on brand confusion. Google Safe Browsing (GSB) status remains unflagged as of the latest scan, and public blocklist databases such as PhishTank and OpenPhish currently do not include this domain, leaving users vulnerable to exposure. As of current monitoring, bybittt.com.cn remains in active status with threat level under investigation. Response actions are underway by PhishDestroy analysts to escalate detection signatures to major security vendors and update blocklists globally. The domain's SSL certificate issued by Let’s Encrypt adds fraudulent legitimacy, which may bypass some browser-based security warnings. Despite active containment efforts, this domain poses a medium-high risk due to low detection rates and the dynamic nature of crypto drainer kits. Users are strongly advised to verify any Bybit-related links using PhishDestroy or access the official domain (bybit.com) directly via bookmarked or trusted sources. Remaining risk is elevated due to the lack of early detection by automated systems and the sophisticated nature of the impersonation, which targets users actively seeking cryptocurrency trading platforms. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Bybit ## Domain Intelligence - Registered: 2026-03-26 17:38:30 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 154.216.106.254 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/bybittt.com.cn - PhishDestroy: https://phishdestroy.io/domain/bybittt.com.cn/ - LLM endpoint: https://phishdestroy.io/domain/bybittt.com.cn/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bybittt.com.cn/ Last updated: 2026-04-07