# bonkbalance.fun — SUSPICIOUS > PhishDestroy identifies bonkbalance.fun as a SOLANA crypto drainer targeting wallet users. Flagged by 0 of 95 VirusTotal vendors. Block immediately. ## Summary PhishDestroy identifies bonkbalance.fun as an active crypto drainer domain posing as a fraudulent “balance tracking” tool targeting SOLANA wallet users. The domain is currently under investigation but exhibits clear indicators of malicious intent, including deceptive branding designed to trick users into connecting wallets and draining crypto assets. While the threat is classified as generic phishing pending further confirmation, the functionality aligns with known wallet-draining attack patterns. This domain was flagged by 0 of 95 VirusTotal vendors as of time of analysis, indicating preliminary evasion capability and low detection coverage. It resolves to IP 104.21.66.25 and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. The domain was created on March 20, 2026, an unusually recent registration consistent with fast-flux criminal infrastructure. Currently, no public blocklists (e.g., Google Safe Browsing, PhishTank, OpenPhish) list this domain, and it has zero reputation on threat intelligence platforms like URLScan or ThreatFox. The SSL certificate issued by Let’s Encrypt suggests normal TLS usage; however, this does not validate legitimacy, as threat actors frequently abuse valid certificates to appear credible. The domain remains active and unblocked by most security systems, posing an immediate risk to SOLANA wallet users who access it under the false pretense of balance checking or transaction monitoring. PhishDestroy recommends immediate network-level blocking of bonkbalance.fun and its resolving IP (104.21.66.25) across corporate and personal environments. Users should avoid visiting the site and verify any unsolicited links via official sources. Security teams are advised to monitor for similar registrations using the same registrar and registration patterns, especially those targeting SOLANA or other high-value crypto ecosystems. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-20 22:59:30 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 104.21.66.25 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a685e8ad-112b-4ea9-aa9b-3b777140d37f - PhishDestroy: https://phishdestroy.io/domain/bonkbalance.fun/ - LLM endpoint: https://phishdestroy.io/domain/bonkbalance.fun/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bonkbalance.fun/ Last updated: 2026-03-22