# slon5.to — SUSPICIOUS > slon5.to is a crypto drainer scam hosting a generic phishing page. Resolves to 64.190.63.222, domain created Feb 09, 2026. ## Summary PhishDestroy identifies slon5.to as an active generic phishing domain under investigation for involvement in cryptocurrency drainer campaigns. The domain shows no branding association with known legitimate entities, nor does it display the hallmarks of a sophisticated spoofing kit, suggesting a basic but potentially effective fraudulent landing page. While the threat type remains generic, the operational pattern—rapid domain registration, deployment of SSL encryption via DigiCert, and hosting on a fresh infrastructure point—aligns with the lifecycle of low-complexity asset theft operations targeting blockchain users. The absence of brand imitation does not reduce the risk; rather, it reflects a shift toward opportunistic deception where victims are lured via unspecific promises of rewards or services. Technical indicators reveal a concerning yet undetected threat: slon5.to has zero detections among 95 VirusTotal engines as of the investigation seed 9e69e1. The domain is registered through the Government of the Kingdom of Tonga, adding an unexpected layer of legitimacy through an official registry, and resolves to IP 64.190.63.222. With a creation date of February 09, 2026—only recently—this domain is part of a new wave of fraudulent infrastructure. No current blocklist presence (zero flags reported) indicates it has evaded automated defenses, increasing exposure to potential victims. The SSL certificate from DigiCert further normalizes the domain’s appearance, enabling trust in phishing interactions. As of this analysis, slon5.to remains active and unblocked, with no known takedown or remediation by hosting providers or registries. Given the zero detection score and fresh infrastructure, the domain represents a high-risk endpoint for cryptocurrency users, particularly those engaging with unauthenticated web3 services or deceptive reward platforms. Immediate defensive action is required: users should block slon5.to at DNS and network levels, avoid all interactions, and report the domain to threat intelligence platforms and browser security teams. Remaining risk is elevated due to lack of detection and novel registration, making proactive blocking essential to prevent asset loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-09 14:28:07 - Registrar: Government of Kingdom of Tonga - IP: 64.190.63.222 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d60ffd43-7cd6-448f-9f41-b6ec9f39bd80 - PhishDestroy: https://phishdestroy.io/domain/slon5.to/ - LLM endpoint: https://phishdestroy.io/domain/slon5.to/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/slon5.to/ Last updated: 2026-03-28