# blast-bag.fun — MALICIOUS

> Safety check reveals blast-bag.fun hosting crypto drainer targeting visitors; VirusTotal flags 16/95 vendors. Avoid this page immediately.

## Summary
PhishDestroy identifies blast-bag.fun as a live credential-theft site designed to trick visitors into surrendering sensitive login details. Tech-savvy users who spot unfamiliar URLs or unexpected login prompts should never enter credentials and should leave the page right away. Never reuse passwords across services, and enable two-factor authentication wherever possible.  This domain was flagged by multiple threat feeds because it exhibits classic red flags: it appeared on 1 security blocklist, sparked alerts in Maltrail, and was registered only days ago on March 07, 2026 through PDR Ltd. (PublicDomainRegistry.com). It resolves to the IP address 104.21.10.72 and sports a Let’s Encrypt SSL certificate to appear more trustworthy. VirusTotal shows 16 out of 95 security vendors rate the site malicious, which is an elevated level for fresh domains.  If you already visited blast-bag.fun, assume your credentials may be compromised. Change passwords for every account that shares any reused password and revoke any browser-stored tokens for that site. Enable hardware-based two-factor authentication on high-value accounts and run a reputable antivirus scan on the device you used to access the domain. Report the URL to your IT or SOC team so they can block it at the network perimeter.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-07 00:57:19
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.10.72

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Maltrail"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a7419d1-7ac6-427a-89fb-80166c3bb9c4
- PhishDestroy: https://phishdestroy.io/domain/blast-bag.fun/
- LLM endpoint: https://phishdestroy.io/domain/blast-bag.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/blast-bag.fun/
Last updated: 2026-03-22