# cryptobonusindia-com.pages.dev — SUSPICIOUS > Fake 'Crypto Bonus India' scam on Cloudflare Pages (cryptobonusindia-com.pages.dev) stealing credentials. 0/95 VirusTotal detections. Avoid and report. ## Summary PhishDestroy identifies cryptobonusindia-com.pages.dev as an active generic phishing site impersonating a fake crypto bonus offer targeting Indian investors. The domain leverages Cloudflare Pages and Let's Encrypt to host a fraudulent website, likely aimed at harvesting cryptocurrency wallet credentials or personal financial data. No known drainer kit association has been confirmed at this stage, but the page structure and content strongly suggest a credential theft or direct fund-draining campaign. The threat actor appears to exploit Cloudflare's free hosting and SSL infrastructure to enhance credibility and evade initial detection. This domain was flagged with a VirusTotal detection score of 0/95 as of the latest scan, indicating it remains undetected by mainstream security vendors. It is registered through Cloudflare, Inc., resolving to IP address 172.66.44.119. The domain uses a Let's Encrypt SSL certificate, which may contribute to user trust. As of now, no confirmed creation date is available publicly, and its status on Google Safe Browsing (GSB) or major blocklists is undetermined. The lack of detections suggests either a very recent deployment or a well-disguised threat that has evaded initial triage mechanisms. The campaign is active and poses a significant risk to users seeking crypto-related bonuses or investment opportunities. Immediate action is advised: users should avoid visiting the site and report it through appropriate channels such as Google Safe Browsing, PhishTank, or local cybercrime reporting platforms. While the current risk level is marked as under investigation, the combination of low detection rates, use of reputable infrastructure, and targeting of financial incentives increases the potential for victimization. Remaining risk includes further domain expansion, credential theft, or integration into larger phishing-as-a-service operations. Continuous monitoring and proactive blocking at the network level are strongly recommended. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.119 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/aaa7390a-27a6-4c60-a177-aa0d4fdceb55 - PhishDestroy: https://phishdestroy.io/domain/cryptobonusindia-com.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/cryptobonusindia-com.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cryptobonusindia-com.pages.dev/ Last updated: 2026-04-12