# at-slon7.cc — SUSPICIOUS

> PhishDestroy warns of at-slon7.cc, a crypto drainer domain flagged by 4 of 95 VirusTotal vendors. Avoid this active crypto wallet impersonation site and verify.

## Summary
PhishDestroy identifies the domain at-slon7.cc as an active crypto drainer impersonating cryptocurrency wallet login pages to siphon digital assets. This threat is currently classified with an elevated risk level and remains active in the wild. Threat actors leverage this domain to deceive users into entering wallet credentials, enabling unauthorized cryptocurrency transfers under the guise of legitimate authentication processes.  This domain was flagged by 4 of 95 VirusTotal security vendors, indicating initial detection by a minority of scanning engines. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, with an SSL certificate issued by Let's Encrypt to maintain a false sense of legitimacy. It resolves to the IP address 172.67.137.188 and was created on February 18, 2026, suggesting a recently established infrastructure for illicit activities. The domain's recent creation and limited detection underscore the importance of proactive monitoring and user vigilance in identifying emerging threats.  Given the elevated risk level and active status of at-slon7.cc, PhishDestroy recommends immediate action to mitigate potential exposure. Users should avoid interacting with this domain and verify any suspicious links using PhishDestroy's verification tools. Organizations are advised to update their threat intelligence feeds and block this domain at the network perimeter to prevent access. Additionally, users with cryptocurrency wallets should exercise heightened caution when entering credentials online, ensuring multi-factor authentication is enabled and only interacting with verified, official platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-18 22:01:42
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.137.188

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f96a369e-2ecd-4344-ad85-3f7fae971522
- PhishDestroy: https://phishdestroy.io/domain/at-slon7.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-slon7.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-slon7.cc/
Last updated: 2026-03-28