# droplive.fun — SUSPICIOUS > PhishDestroy identifies droplive.fun as a live crypto drainer impersonating major NFT brands. This domain (104.21.6. ## Summary PhishDestroy has flagged droplive.fun as an active crypto drainer scam, designed to steal cryptocurrency from unsuspecting users by impersonating legitimate NFT platforms. The domain leverages deceptive social-engineering tactics, such as fake airdrop offers or urgent transaction alerts, to trick victims into connecting their wallets and signing malicious transactions. Investigations reveal this is part of a broader campaign targeting users of high-value NFT collections, with infrastructure designed to drain funds instantly upon wallet connection. The domain resolves to IP address 104.21.6.28 and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com, with a creation date of March 28, 2026. The site uses a valid Let's Encrypt SSL certificate to appear trustworthy, but it currently shows 0 detections out of 95 on VirusTotal as of the latest scan, indicating it has evaded automated detection systems. Public blocklists and threat intelligence platforms have not yet flagged this domain, placing users at high risk of exposure. The lack of detection highlights the sophisticated nature of the infrastructure, which is likely operated by an experienced threat actor using newly registered domains to avoid blacklisting. As of this report, droplive.fun remains active and unblocked, with an under-investigation risk rating. PhishDestroy continues to monitor and analyze the domain’s behavior, including any drainer kit payloads, wallet interactions, and redirection chains. Users are strongly advised to avoid visiting the site and to verify any suspicious links using PhishDestroy’s real-time scam detection tools. While the immediate risk is high due to low detection rates, ongoing takedown efforts and community reporting may lead to its remediation. However, the domain’s recent creation and clean reputation suggest it could remain active for an extended period, requiring continuous vigilance from both users and security teams. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-28 16:48:34 - Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com - IP: 104.21.6.28 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0bd9a55d-253d-4a84-837a-0f08f7738bcd - PhishDestroy: https://phishdestroy.io/domain/droplive.fun/ - LLM endpoint: https://phishdestroy.io/domain/droplive.fun/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/droplive.fun/ Last updated: 2026-03-29