# nado-bonus.xyz — SUSPICIOUS

> nado-bonus.xyz is linked to phishing activity. Stay alert, avoid sharing personal info, and verify site legitimacy before interacting.

## Summary

PhishDestroy identifies nado-bonus.xyz as a medium-risk generic phishing domain, a threat that aims to deceive users into revealing sensitive information such as passwords or financial details. This kind of fraud is significant because it can lead to identity theft, financial loss, and unauthorized access to personal accounts. The domain's active status and use of a vague page title "Un instant…" suggest it is currently operational and potentially targeting unsuspecting users.

The domain nado-bonus.xyz was created on March 11, 2026, and is registered through NiceNIC International Group Co., Limited. It resolves to IP address 172.67.209.66, which is associated with infrastructure known for hosting suspicious activities. It was flagged on VirusTotal by 4 out of 95 security vendors, indicating some recognition of malicious behavior, and it appears on at least one security blocklist. This information collectively strengthens the evidence that this domain is involved in phishing campaigns and should be treated with caution.

Users are advised to refrain from interacting with nado-bonus.xyz or submitting any personal or financial data on it. Always double-check URLs and avoid clicking on suspicious links received via email or social media. Employing updated antivirus software and enabling multi-factor authentication where possible can reduce the risk of compromise. Monitoring accounts for unusual activity and reporting suspicious domains to security platforms like PhishDestroy helps protect the community from emerging phishing threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP 200)
- Page title: Un instant…

## Domain Intelligence

- Registered: 2026-03-11 19:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.209.66
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["josh.ns.cloudflare.com", "raphaela.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status

- VirusTotal: 4 vendors flagged
  Vendors: ["CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ce201-8a44-74ac-8ce7-98b8250e1129.png
- PhishDestroy: https://phishdestroy.io/domain/nado-bonus.xyz/
- LLM endpoint: https://phishdestroy.io/domain/nado-bonus.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/nado-bonus.xyz/
Last updated: 2026-03-19