# www.bonusledger.net — SUSPICIOUS > bonusledger.net identified as crypto drainer domain with 0/95 VirusTotal detections. Avoid all transactions and report immediately. ## Summary PhishDestroy identifies www.bonusledger.net as an active crypto drainer domain under investigation, posing elevated risk to cryptocurrency users seeking bonus or ledger services. This infrastructure is designed to intercept and divert digital asset transfers to attacker-controlled wallets, exploiting trust in legitimate financial tracking platforms. The domain exhibits several red flags suggesting imminent operational deployment for malicious purposes, warranting immediate defensive measures across security teams and user communities. VirusTotal currently shows 0 detections out of 95 engines for www.bonusledger.net, indicating it remains undetected in most antivirus and threat intelligence platforms as of seed 81d11f. The domain resolves to IP address 216.198.79.1, registered through GoDaddy.com, LLC on November 16, 2025. The SSL certificate is issued by Let's Encrypt, providing deceptive legitimacy to visitors. Despite its recent creation, no entries appear on public blocklists, and reputation scoring services have not flagged this domain, further increasing its potential for successful exploitation against unsuspecting users. Security teams should immediately block traffic to www.bonusledger.net and 216.198.79.1 at network and DNS levels. Users interacting with cryptocurrency platforms must verify URLs through official channels before inputting wallet addresses or transaction details. Consider deploying network rules to inspect TLS traffic for connections to this domain given the presence of a valid Let's Encrypt certificate. Organizations should enhance monitoring of outbound DNS queries to this domain and correlate with wallet address exposure events to detect potential compromise early. Report indicators to threat intelligence platforms to improve collective detection coverage and reduce dwell time. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-11-16 21:14:29 - Registrar: GoDaddy.com, LLC - IP: 216.198.79.1 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8c6c631a-1182-4dc8-82ab-28c8fd902483 - PhishDestroy: https://phishdestroy.io/domain/www.bonusledger.net/ - LLM endpoint: https://phishdestroy.io/domain/www.bonusledger.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www.bonusledger.net/ Last updated: 2026-03-21