# ai-scans.net — SUSPICIOUS

> Discover if ai-scans.net is a phishing site exploiting AI claims with 0/95 VirusTotal detections. Check the full report now.

## Summary
PhishDestroy identifies ai-scans.net as an active phishing domain under investigation, currently classified as a generic phishing threat. The site leverages AI-themed branding to deceive users into disclosing sensitive information under the guise of 'secure AI scans'. VirusTotal currently flags 0/95 engines as malicious, indicating a low detection rate despite red flags. The domain resolves to IP 188.114.97.3, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 24, 2026. Key indicators include a Let's Encrypt SSL certificate, which may falsely imply legitimacy, and the exceptionally recent creation date—suggesting a hastily deployed operation likely targeting unsuspecting users or exploiting emerging AI trends. Blocklist status remains unverified, but the combination of recent registration, low detection rates, and thematic deception warrants immediate scrutiny.


Technical analysis reveals a sophisticated evasion strategy: the domain avoids immediate blacklisting through short operational tenure and the use of a reputable SSL issuer. The registrar, NICENIC INTERNATIONAL, is known for accommodating high-volume registrations, some associated with malicious activity, though not inherently malicious itself. The IP address 188.114.97.3 hosts multiple domains, some previously flagged for low-reputation behavior, increasing the risk of collateral exposure. The absence of detections on VirusTotal (0/95) is misleading—many phishing kits now employ polymorphic obfuscation and delayed payload activation to bypass static scanning engines. The AI-themed branding (e.g., 'ai-scans') is a deliberate tactic to exploit current user trust in artificial intelligence tools, increasing click-through rates and lowering user skepticism.


Mitigation requires immediate, targeted actions: users must avoid interacting with the domain and report it via browser warnings or PhishDestroy’s submission portal. Organizations should block the domain at the DNS level and flag the IP range (188.114.97.0/24) in firewall rules. Security teams should investigate inbound links to ai-scans.net in email or web traffic logs. Given the low detection rate, heuristic monitoring tools should be updated to flag domains with AI-themed keywords, recent creation dates, and Let's Encrypt certificates as suspicious. Finally, users should verify any 'AI scan' service through official vendor websites, not third-party domains, to prevent credential harvesting or malware delivery under the pretext of AI validation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 12:59:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ece25781-a7b6-4ceb-9f1a-96f4c302ead6
- PhishDestroy: https://phishdestroy.io/domain/ai-scans.net/
- LLM endpoint: https://phishdestroy.io/domain/ai-scans.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ai-scans.net/
Last updated: 2026-04-01