# everydrop.live — SUSPICIOUS > everydrop.live is a live phishing site posing as a Dropbox clone that harvests login credentials. It resolved to IP 188.114.96. ## Summary PhishDestroy identifies everydrop.live as a live credential-harvesting phishing domain masquerading as a Dropbox clone. This site was created on March 21, 2026, and immediately began luring users into entering their Dropbox credentials into a counterfeit login portal. The domain resolves to IP 188.114.96.3 and is registered through GoDaddy.com, LLC, using a Let’s Encrypt SSL certificate to appear legitimate. Most critically, only 1 out of 95 VirusTotal security vendors currently detect this threat, leaving the majority of automated defenses blind to the campaign. This domain represents an elevated phishing risk due to its recent registration, low detection rate, and mimicry of a widely trusted cloud service. The technical infrastructure includes a single IP address (188.114.96.3) hosted on Cloudflare, with a Let’s Encrypt TLS certificate issued just days after domain creation. The low VirusTotal detection rate of 1/95 suggests that signature-based defenses are not yet effective against this campaign. GoDaddy’s involvement in registration provides no safety guarantee, as attackers frequently abuse reputable registrars. The domain’s age and fresh SSL certificate are classic indicators of a fast-moving phishing operation designed to exploit user trust in established brands. Users who visited everydrop.live should immediately change their Dropbox password and enable two-factor authentication. Check account activity for signs of unauthorized access and revoke any suspicious sessions via Dropbox’s security settings. Use a password manager to avoid manually entering credentials on suspicious sites. Report the domain to Dropbox’s phishing reporting system and submit a takedown request to GoDaddy. Avoid interacting with any emails or links referencing this domain until it has been confirmed inactive. Consider using DNS filtering or browser-based security extensions to block future access. If credentials were entered, assume compromise and audit connected devices and third-party apps for unauthorized access. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-21 16:20:38 - Registrar: GoDaddy.com, LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cd375b0a-60c2-45df-9f34-0ac854853d90 - PhishDestroy: https://phishdestroy.io/domain/everydrop.live/ - LLM endpoint: https://phishdestroy.io/domain/everydrop.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/everydrop.live/ Last updated: 2026-03-22