# fortdrop.cfd — SUSPICIOUS

> fortdrop.cfd hosts a live crypto drainer (0/95 VirusTotal detections). Impersonates Fortnite to steal wallet credentials. Block immediately.

## Summary
PhishDestroy identifies fortdrop.cfd as an active crypto drainer campaign targeting Fortnite users. The domain was registered on March 08, 2026, and resolves to IP 104.21.27.174. It leverages a Let's Encrypt SSL certificate to appear legitimate, while hosting a drainer kit designed to siphon cryptocurrency from compromised wallets. The infrastructure suggests a focus on gaming-related fraud, likely exploiting brand recognition to deceive victims into connecting malicious smart contracts.  The domain shows no detections on VirusTotal (0/95) and is registered through Web Commerce Communications Ltd. The IP address 104.21.27.174 is shared hosting, increasing the risk of collateral damage. No blocklist entries were detected at the time of analysis, and Google Safe Browsing (GSB) has not flagged the domain. The recent creation date (March 08, 2026) indicates this is a newly deployed threat, with threat actors likely iterating rapidly to evade detection.  This domain remains active and poses a high risk to cryptocurrency users, particularly those engaged in gaming communities. Immediate blocking at the network and endpoint levels is recommended. Users should avoid interacting with the domain and verify any Fortnite-related links through official channels. Further investigation is warranted to identify additional infrastructure and potential victims. Remaining risk is high due to the lack of detections and recent deployment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-08 16:35:24
- Registrar: Web Commerce Communications Ltd
- IP: 104.21.27.174

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9ef1f458-b41e-4531-b1cb-723b8d7d49e6
- PhishDestroy: https://phishdestroy.io/domain/fortdrop.cfd/
- LLM endpoint: https://phishdestroy.io/domain/fortdrop.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fortdrop.cfd/
Last updated: 2026-03-21