# slon3----cc.vip — SUSPICIOUS

> PhishDestroy identifies slon3--cc.vip as a generic phishing domain with active crypto drainer activity. VirusTotal shows 0/95 detections.

## Summary
PhishDestroy identifies slon3--cc.vip as an active domain engaged in generic phishing with potential crypto drainer functionality. The domain employs brand impersonation tactics to deceive users into connecting crypto wallets or disclosing credentials. No specific drainer kit fingerprint (e.g., Venom, PinkDrainer) has been confirmed in public sources, but the domain’s configuration aligns with common drainer deployment patterns involving fake NFT mints, wallet connection prompts, or token airdrop scams. The operational goal is asset exfiltration through transaction signing manipulation or direct wallet compromise.

This domain was flagged with the following technical indicators: VirusTotal detection score of 0/95 (undetected as of last scan), registered via NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 199.217.99.9, secured with a Let’s Encrypt SSL certificate, and created on April 02, 2026. Google Safe Browsing (GSB) status remains unlisted, and no third-party blocklists currently include the domain. These indicators suggest a recently activated infrastructure with low detection coverage, increasing the risk of successful user compromise.

The campaign is currently active and under active monitoring by PhishDestroy. Users are advised to block the domain at network and DNS levels, avoid clicking any links, and verify all crypto-related transactions via official channels. While detection rates are low, the domain’s recent creation and clean reputation profile indicate elevated operational risk. Remaining risk includes continued phishing operations, potential pivot to new TLDs, or expansion into brand impersonation targeting high-value sectors such as DeFi or NFT communities. Immediate network-level blocking and user awareness are critical to prevent asset loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-02 13:31:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 199.217.99.9

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/slon3----cc.vip
- PhishDestroy: https://phishdestroy.io/domain/slon3----cc.vip/
- LLM endpoint: https://phishdestroy.io/domain/slon3----cc.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon3----cc.vip/
Last updated: 2026-04-04