# slon-1at.cc — MALICIOUS

> Domain slon-1at.cc is a crypto drainer impersonating Trust Wallet. VirusTotal flags 9/95 vendors. Avoid all wallet connection prompts immediately.

## Summary
PhishDestroy identifies slon-1at.cc as an active crypto drainer posing as Trust Wallet to steal cryptocurrency assets. The threat level is elevated due to the domain’s recent creation and multiple red flags in its infrastructure. This site does not provide legitimate services; instead, it lures users into connecting their wallets to drain funds through deceptive prompts.  

This domain was flagged by VirusTotal with 9 out of 95 security vendors detecting malicious activity, indicating widespread suspicion. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 19, 2026, and resolves to the IP address 185.226.92.168. The SSL certificate issued by Let’s Encrypt provides no assurance of legitimacy, as threat actors frequently exploit free certificates to appear trustworthy. The domain’s recent registration suggests a short-lived operation, a common tactic to evade prolonged scrutiny.  

To mitigate risk, users should avoid interacting with slon-1at.cc entirely, especially any prompts to connect wallets or enter seed phrases. Verify URLs manually before engaging, and use hardware wallets for critical transactions. Report this domain to your antivirus provider and block it via your network’s firewall rules. If funds are stolen, file a report with local law enforcement and your cryptocurrency exchange’s fraud department. Always cross-check domains against blocklists like PhishTank or URLVoid prior to use.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-19 11:31:54
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/70fd84e0-9449-46ed-abba-7d2e6b98132a
- PhishDestroy: https://phishdestroy.io/domain/slon-1at.cc/
- LLM endpoint: https://phishdestroy.io/domain/slon-1at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon-1at.cc/
Last updated: 2026-03-27