# bonusrosem.com — MALICIOUS

> The phishing domain bonusrosem.com is actively mimicking Turkish bonus sites with a 7/95 VirusTotal detection rate. Check the full report.

## Summary
PhishDestroy identifies the domain bonusrosem.com as a high-risk phishing infrastructure leveraging Turkish-language lures to impersonate legitimate promotional sites. The page title 'Deneme Bonusu Veren Siteler 2026 - Bonusrosem' explicitly targets users searching for trial bonuses in 2026, indicating a clear attempt to harvest credentials or financial data through fraudulent sign-up offers. No specific brand or drainer kit affiliation has been confirmed in open-source intelligence, suggesting this may be an opportunistic campaign rather than a sophisticated APT-backed operation.

Technical analysis reveals critical indicators: the domain resolves to IP 188.114.97.3, was registered on April 13, 2026, via Cloudflare, Inc., and utilizes a Google Trust Services SSL certificate for added legitimacy. VirusTotal flags the domain at 7/95 security vendors, while its recent creation date and active status underscore its emergent threat profile. Despite affiliation with Cloudflare’s infrastructure, the domain has not been blocklisted by major providers at the time of analysis.

As of the latest assessment, bonusrosem.com remains active and poses a sustained risk to users seeking bonus offers. Immediate mitigation includes network-level blocking of the domain and IP, alongside user advisories to avoid interacting with unsolicited promotional links. The remaining risk is elevated due to the domain’s recent activation and the absence of universal blocklisting, warranting heightened vigilance from SOC teams and end-users alike.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Page title: Deneme Bonusu Veren Siteler 2026 - Bonusrosem

## Domain Intelligence
- Registered: 2026-04-13 04:48:45
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e6f25710-2be4-4320-adb3-8559d7c05f92
- PhishDestroy: https://phishdestroy.io/domain/bonusrosem.com/
- LLM endpoint: https://phishdestroy.io/domain/bonusrosem.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bonusrosem.com/
Last updated: 2026-04-14