# 484.lol — SUSPICIOUS

> 484.lol is a phishing domain distributing a web3 drainer kit since March 2026, resolving to 188.114.96.3.

## Summary
PhishDestroy analysts identified 484.lol as an active phishing domain associated with a brand impersonation campaign targeting cryptocurrency users. The domain is linked to a web3 cryptocurrency drainer kit, designed to deceive visitors into connecting compromised wallets or revealing seed phrases under the guise of legitimate services. Infrastructure overlaps with other campaigns leveraging Let’s Encrypt certificates to enhance domain legitimacy. The seed “9bfc56” confirms this is a tracked malicious entry in monitoring systems.

Technical indicators: VirusTotal shows a detection rate of 0/95, indicating no antivirus or security vendor flags as of the latest update. The domain was created on March 18, 2026, and resolves to IP address 188.114.96.3. Registration was processed via NameSilo, LLC, and the site employs an SSL certificate from Let’s Encrypt to mimic legitimate HTTPS sites. As of today, preliminary checks show no inclusion in Google Safe Browsing (GSB) lists, with blocklisting still under review across threat intelligence platforms.

The domain remains active and under investigation. PhishDestroy recommends immediate blocking of 484.lol and the associated IP 188.114.96.3 within organizational and personal security controls. Users should avoid accessing the domain, refrain from entering any credentials or cryptocurrency wallet details, and report any engagement to their security teams. Remaining risk is classified as under_investigation due to low initial detection coverage, but proactive blocking is advised to prevent compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-18 20:12:43
- Registrar: NameSilo, LLC
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8be9c3bc-4abc-4b5f-815a-752ada35282a
- PhishDestroy: https://phishdestroy.io/domain/484.lol/
- LLM endpoint: https://phishdestroy.io/domain/484.lol/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/484.lol/
Last updated: 2026-03-21