# slon3---to.ru — SUSPICIOUS

> Slon3---to.ru is a crypto drainer phishing site only detected 0/95 on VirusTotal. Users warned to avoid this fraudulent login portal and verify URLs via.

## Summary
PhishDestroy identifies slon3---to.ru as an active crypto drainer phishing domain crafted to steal cryptocurrency from unsuspecting victims. The site impersonates legitimate crypto platforms through deceptive landing pages designed to capture private keys, wallet passwords, or seed phrases before draining funds. This domain has registered zero detections on VirusTotal as of the latest scan, indicating it evades most automated defenses despite its malicious intent. Registered through RU-CENTER-RU on February 26, 2026, the domain resolves to IP 104.21.84.37 and operates under a Let's Encrypt SSL certificate to appear trustworthy. Its recent creation and low detection rate suggest this threat actor is actively testing new infrastructures to bypass security filters.  This domain represents a clear and present danger to crypto users, particularly those engaging in decentralized finance or non-custodial wallet transactions. The absence of detections on VirusTotal (0/95 engines) highlights the challenge of early detection against rapidly evolving phishing tactics. Domain registration via RU-CENTER-RU, a Russian domain registrar, combined with the use of a legitimate SSL certificate, reflects a deliberate effort to appear non-malicious while hosting fraudulent content. The domain’s recent launch—under two weeks old—signals opportunistic targeting rather than long-standing operation, likely aimed at capitalizing on current market trends or user behavior patterns.  If you have visited slon3---to.ru or entered any credentials, private keys, or crypto wallet information on its pages, take immediate action to secure your assets. Disconnect from the internet, revoke any session tokens or API keys exposed on the site, and transfer remaining funds to a new wallet. Run a full antivirus scan on your device to check for malware or browser extensions that may have been installed without consent. Report the domain to PhishDestroy for blocking and verification. Always verify URLs manually, use hardware wallets where possible, and confirm site legitimacy through official channels before entering sensitive data.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-26 06:28:06
- Registrar: RU-CENTER-RU
- IP: 104.21.84.37

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/93e689d8-8b46-45a9-ad6f-bcf633b54100
- PhishDestroy: https://phishdestroy.io/domain/slon3---to.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon3---to.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon3---to.ru/
Last updated: 2026-03-22