# t.404pay.online — SUSPICIOUS

> t.404pay.online is a live crypto-drainer domain with 0/95 VirusTotal detections targeting users with fake loading pages. Report and block now.

## Summary

Domain t.404pay.online was flagged by PhishDestroy as an active crypto drainer under investigation. The landing page displays a Cyrillic title meaning “Loading…” and is designed to deceive visitors into connecting wallets under the pretense of a service, then silently siphon crypto assets via a drainer script embedded in the page load. No specific brand is being impersonated in this campaign, indicating a standalone operator rather than a copycat of a well-known exchange or wallet provider.

This domain resolves to IP 95.129.237.44 and was registered through REG.RU LLC on 29 December 2025. The site holds a valid Let’s Encrypt SSL certificate, which increases user trust while hiding malicious traffic within encrypted channels. VirusTotal currently scores the page at 0/95 detections, meaning no major antivirus engine flagged it at the time of analysis. Google Safe Browsing (GSB) has not yet listed the domain, and public blocklist aggregators report no entries against this domain as of the latest crawl. The domain registration is extremely recent, giving attackers a brief window to operate before defensive systems catch up.

As of this report, t.404pay.online remains active and continues to serve the malicious loading page. Immediate response includes blacklisting the domain and IP at network and perimeter levels, disabling inbound SSL inspection bypasses, and updating endpoint rules to block Let’s Encrypt-signed crypto-drainer domains. Residual risk remains high due to low detection coverage and fresh registration, underscoring the need for real-time threat intelligence feeds and user education on crypto wallet connection warnings.
Organizations are advised to audit outbound SSL traffic for new Let’s Encrypt domains and block t.404pay.online at DNS and firewall layers immediately.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Page title: Загрузка...

## Domain Intelligence

- Registered: 2025-12-29 16:51:26
- Registrar: Registrar of Domain Names REG.RU LLC
- IP: 95.129.237.44

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ac0d22d4-6e21-4616-b6af-d7dd02767e35
- PhishDestroy: https://phishdestroy.io/domain/t.404pay.online/
- LLM endpoint: https://phishdestroy.io/domain/t.404pay.online/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/t.404pay.online/

Last updated: 2026-04-12