# slon4l.cc — SUSPICIOUS

> slon4l.cc is a confirmed crypto drainer posing as a fake wallet login page. Blocked by 1/95 vendors since March 14, 2026.

## Summary
PhishDestroy identifies slon4l.cc as an active crypto drainer designed to steal cryptocurrency by tricking users into connecting their wallets to a fraudulent interface. This domain mimics legitimate crypto service interfaces, prompting victims to sign malicious transactions that drain funds directly from their wallets. Security research shows this domain was specifically created to harvest private keys or authorization signatures under the guise of a wallet authentication or transaction approval process.  This domain was flagged by 1 out of 95 VirusTotal security vendors, indicating limited but present recognition of its malicious nature. It was registered on March 14, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar associated with various low-reputation domains. The domain resolves to IP address 109.172.91.189 and has been blocked by the Hagezi blocklist, placing it on one known security blocklist. Its SSL certificate, issued by Let’s Encrypt, is likely used to appear legitimate and evade browser warnings about insecure connections.  If you visited slon4l.cc, do not connect your wallet or enter any credentials. Disconnect your device from the internet immediately. Scan your system with reputable antivirus software like Malwarebytes or Windows Defender to check for malicious browser extensions or injected scripts. Revoke any wallet connections made on this site through your wallet’s connection management settings. Report the domain to PhishDestroy and your local cybersecurity authority to help prevent others from falling victim. Always verify URLs manually by checking for correct spelling and HTTPS with a valid certificate, and use bookmarks for frequently visited crypto platforms to avoid typosquatting traps.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-14 20:07:36
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 109.172.91.189

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Hagezi"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/307c63a6-2087-4044-b339-e3ec0cfd9ee6
- PhishDestroy: https://phishdestroy.io/domain/slon4l.cc/
- LLM endpoint: https://phishdestroy.io/domain/slon4l.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon4l.cc/
Last updated: 2026-03-24