# go-bag.fun — MALICIOUS

> Discover details on go-bag.fun, a phishing domain falsely advertising a Nobody Sausage airdrop. Learn about its risks and current offline status.

## Summary
PhishDestroy identifies go-bag.fun as a medium-risk generic phishing domain, masquerading under the guise of a "Nobody Sausage" airdrop promotion. The domain was created on February 21, 2026, and was used to lure users with fraudulent offers likely aimed at harvesting sensitive information or credentials.

Technical indicators show the domain resolved to IP address 188.114.96.3 and was registered through PDR Ltd. d/b/a PublicDomainRegistry.com. It appeared on two security blocklists and was flagged by 7 out of 95 security vendors on VirusTotal, indicating some level of detection by security tools. Additionally, it was observed in one AlienVault OTX threat intelligence pulse, confirming its presence in threat data feeds.

As of now, go-bag.fun is taken offline, effectively neutralizing its phishing activity. Users are advised to remain cautious of similar airdrop campaigns and verify legitimacy before interacting. PhishDestroy continues to monitor related threat intelligence to protect users from emerging phishing threats involving counterfeit airdrop schemes.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Nobody Sausage | Airdrop

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: autumn.ns.cloudflare.com logan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["alphaMountain.ai", "Forcepoint ThreatSeeker", "Gridinsoft", "Seclookup", "SOCRadar", "Sophos", "Trustwave"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c0dc4-9e9a-702a-9654-71859f877c3b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9abd5c28-b58c-4e3f-830a-14406796870d
- PhishDestroy: https://phishdestroy.io/domain/go-bag.fun/
- LLM endpoint: https://phishdestroy.io/domain/go-bag.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/go-bag.fun/
Last updated: 2026-03-19