# bdagscans.network — MALICIOUS > bdagscans.network is an active crypto wallet drainer phishing domain, flagged by 7/95 security vendors. ## Summary PhishDestroy identifies bdagscans.network as an active generic phishing domain associated with a cryptocurrency wallet drainer campaign. The domain was registered on March 25, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 104.21.70.42. Security vendor analysis indicates a 7/95 detection rate on VirusTotal, suggesting elevated risk but limited universal recognition. The domain utilizes a Let's Encrypt SSL certificate, which is commonly abused by threat actors to appear legitimate. No specific brand impersonation or drainer kit has been publicly associated with this domain, though its naming convention suggests a scanning or scanning-related decoy may be involved. This domain exhibits several concerning technical indicators that reinforce its malicious classification. Security vendor detection stands at 7 out of 95 on VirusTotal, indicating partial coverage but not universal blocking. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often associated with high-volume, low-accountability domain registrations. The hosting infrastructure is located at IP 104.21.70.42, which has been linked to various malicious activities in threat intelligence feeds. The domain was created on March 25, 2026, a recent creation date that correlates with the onset of active phishing campaigns. While specific inclusion in Google Safe Browsing (GSB) or other major blocklists is not confirmed, the low detection rate suggests it remains under the radar of most automated defenses. The combination of a newly registered domain, low detection rate, and association with cryptocurrency-related threats elevates the risk profile. As of the latest intelligence, bdagscans.network remains active and poses an elevated threat to users, particularly those engaged in cryptocurrency transactions. Immediate response actions include blocking the domain at the network and DNS levels and flagging the associated IP address for containment. Users should avoid accessing this domain entirely, as interaction may result in the theft of cryptocurrency wallet credentials or direct asset drainage. The remaining risk is moderate to high due to the domain's recent activation and low detection rate, which allows it to bypass some security controls. PhishDestroy recommends updating threat intelligence feeds to include this domain and IP address, and conducting user awareness training to highlight the risks of newly registered domains with cryptocurrency-related naming conventions. Continuous monitoring is advised, as threat actors frequently rotate infrastructure to evade detection. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-25 15:44:09 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.70.42 ## Detection Status - VirusTotal: 7 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/bdagscans.network - PhishDestroy: https://phishdestroy.io/domain/bdagscans.network/ - LLM endpoint: https://phishdestroy.io/domain/bdagscans.network/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bdagscans.network/ Last updated: 2026-04-11