# bp-drop.live — SUSPICIOUS

> bp-drop.live is a fraudulent airdrop scam impersonating 'Backpack — Airdrop Calculator.' Registered March 28, 2026, flagged by Google Safe Browsing.

## Summary
PhishDestroy identifies bp-drop.live as an active brand impersonation domain targeting cryptocurrency users with a fraudulent airdrop scam. This domain masquerades as 'Backpack — Airdrop Calculator,' a legitimate service, to deceive victims into connecting wallets or submitting sensitive data. The threat involves social engineering, leveraging the trust associated with airdrop campaigns to steal cryptocurrency assets or harvest private keys. No drainer kit signatures were detected in this initial analysis, but the page title and domain name are explicitly crafted to mislead users seeking legitimate airdrop tools.  

This domain exhibits multiple red flags across technical indicators. VirusTotal currently reports 0/95 detections, indicating it remains under the radar of most antivirus engines as of this assessment. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 28, 2026, a relatively recent creation suggesting opportunistic abuse. It resolves to IP address 104.21.17.32, hosted on Cloudflare infrastructure, which is commonly exploited by threat actors to obfuscate malicious activity. Google Safe Browsing has already flagged this domain with a SOCIAL_ENGINEERING classification, confirming its deceptive intent. While no active blocklist entries were noted in the available data, the combination of recent registration, impersonation branding, and GSB flagging elevates its risk profile significantly.  

As of this report, bp-drop.live is classified under investigation with an active status, indicating ongoing monitoring by threat intelligence platforms. Immediate blocking of this domain at the network and endpoint level is recommended to prevent user exposure. Users should avoid accessing this site entirely and verify any airdrop-related URLs through official channels. The remaining risk is classified as high due to the domain's active status, lack of widespread detection, and clear intent to impersonate a legitimate service. Organizations are advised to update firewall rules, DNS blocklists, and endpoint protection policies to include this indicator. Continuous monitoring is essential as this domain may evolve to incorporate drainer scripts or additional evasion techniques.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Airdrop Scam
- Page title: Backpack — Airdrop Calculator

## Domain Intelligence
- Registered: 2026-03-28 23:42:25
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.17.32

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e8cdfb20-b1a1-455e-b0c1-82bfee10e1c3
- PhishDestroy: https://phishdestroy.io/domain/bp-drop.live/
- LLM endpoint: https://phishdestroy.io/domain/bp-drop.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bp-drop.live/
Last updated: 2026-03-29