# slon4---a-----t.ru — SUSPICIOUS

> PhishDestroy identifies slon4---a-----t.ru as an active crypto drainer phishing domain. 0/95 VirusTotal detections reported.

## Summary
PhishDestroy’s automated pipeline flagged slon4---a-----t.ru as a live crypto drainer domain engineered for credential and wallet theft. This domain impersonates a legitimate brand infrastructure to deceive crypto users into connecting wallets or surrendering private keys. No public reports of a drainer kit were retrieved, but the domain’s structure (excessive hyphens, mismatched naming) is characteristic of disposable phishing landing pages optimized for quick monetization.  This domain resolves to IPv4 168.100.8.206 and was registered on April 03, 2026 through FE-RU. VirusTotal currently scores the URL 0/95 detections and it carries a Let’s Encrypt SSL certificate, increasing perceived legitimacy. Google Safe Browsing has not flagged the domain, and public blocklist telemetry is still accumulating, indicating it is newly active. The registration timestamp suggests a short-lived campaign window, typical of crypto-drainer operations seeking quick ROI.  slon4---a-----t.ru remains active and under real-time investigation. PhishDestroy analysts continue to monitor telemetry, sandbox detonation, and wallet-cluster linkage. Risk to end-users is elevated until the domain is sinkholed or blacklisted; users should block the IP and domain at perimeter and endpoint levels. Remaining risk is classified as under_investigation with potential escalation to high if wallet interactions are confirmed.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-03 16:45:02
- Registrar: FE-RU
- IP: 168.100.8.206

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/slon4---a-----t.ru
- PhishDestroy: https://phishdestroy.io/domain/slon4---a-----t.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon4---a-----t.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon4---a-----t.ru/
Last updated: 2026-04-07