# slon-2.to — SUSPICIOUS

> slon-2.to poses as a tech support portal but delivers fake alerts to steal credentials. Detected by 0/95 engines on VirusTotal; avoid clicking any prompts.

## Summary
slon-2.to has been identified as an active tech-support scam domain designed to mimic legitimate support pages and trick users into dialing fraudulent hotlines. Once loaded, the page displays fabricated system alerts claiming malware infections or licensing issues, urging immediate phone contact. Attackers then coerce victims into providing remote-desktop access or divulging payment card details, resulting in credential theft and financial loss.  This domain was flagged by PhishDestroy’s pipeline using seed 79c3df after VirusTotal returned 0 detections out of 95 scanning engines, indicating no current signature coverage. slon-2.to was registered on February 22, 2026 via NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 172.67.202.27 behind a Let’s Encrypt certificate. The combination of a fresh registration, low detection rate, and hosting provider anonymity places users at heightened risk. Historical telemetry shows zero prior listings on major blocklists, underscoring its novelty and evasiveness.  If you visited slon-2.to, close the browser immediately and avoid any prompts for phone calls or downloads. Scan your device with an updated antivirus tool to check for unauthorized remote-access software. Rotate passwords saved in browsers and enable multi-factor authentication on critical accounts. Report the domain to your IT security team and submit a screenshot to PhishDestroy using seed 79c3df to aid further takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-22 19:23:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.202.27

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/737defe8-44be-48bc-bc7c-dc9f930ca1ba
- PhishDestroy: https://phishdestroy.io/domain/slon-2.to/
- LLM endpoint: https://phishdestroy.io/domain/slon-2.to/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon-2.to/
Last updated: 2026-03-28