# slon3.to — SUSPICIOUS

> PhishDestroy warns slon3.to is a suspected crypto drainer scam with 0/95 VirusTotal detections; verify before clicking and check our blocklist.

## Summary
PhishDestroy identifies slon3.to as an active crypto drainer domain presently under investigation for generic phishing behavior. The domain does not directly impersonate a known brand but is weaponized to intercept and drain cryptocurrency transfers via malicious JavaScript kits. The landing page is designed to deceive users into connecting wallets and signing malicious transactions that transfer assets to attacker-controlled addresses without consent.  

This domain was flagged via seed f22915 and shows exact indicators: 0 detections on VirusTotal out of 95 engines, registered through the Government of the Kingdom of Tonga on February 09, 2026, resolving to IPv4 64.190.63.222, and secured with a DigiCert SSL certificate. Google Safe Browsing currently lists the domain as clean, and no public blocklists (including PhishTank, OpenPhish, or URLVoid) have flagged it as of the latest scan.  

The domain remains ACTIVE and is actively resolving. PhishDestroy has escalated the case to Tier-2 analysis for behavioral confirmation of the drainer kit and is coordinating with hosting provider Liquid Web (AS3223) for takedown. The current risk is UNDER INVESTIGATION but considered MEDIUM due to active resolution and lack of AV coverage. Users are urged to avoid interacting with slon3.to, verify destination URLs via PhishDestroy’s real-time scanner, and report any wallet interactions to their security teams. Remaining risk hinges on confirmation of drainer payload and persistence of zero detections.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-09 14:26:01
- Registrar: Government of Kingdom of Tonga
- IP: 64.190.63.222

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a6ddb2a-43f5-4ae8-a1ff-7b130714285e
- PhishDestroy: https://phishdestroy.io/domain/slon3.to/
- LLM endpoint: https://phishdestroy.io/domain/slon3.to/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon3.to/
Last updated: 2026-03-28