# zlon5.to — SUSPICIOUS

> PhishDestroy identifies zlon5.to as a crypto drainer phishing site with 0/95 VirusTotal detections. Registered Feb 23, 2026 via Tonga registrar.

## Summary

PhishDestroy identifies zlon5.to as an actively operating crypto drainer phishing domain designed to steal cryptocurrency from unsuspecting users. The site mimics legitimate crypto platforms to trick victims into connecting their wallets and approving malicious transactions that drain funds directly. Attackers rely on urgency and fake promotions to bypass security awareness, making this threat particularly dangerous for anyone involved in crypto transactions.

This domain was flagged after technical analysis revealed multiple red flags: it currently shows 0 detections on VirusTotal despite being active, was created on February 23, 2026, and operates through Let's Encrypt SSL certificates to appear legitimate. The domain resolves to IP address 172.67.216.70 and was registered through the Government of Kingdom of Tonga, which has no direct involvement—this is simply the registrar used by threat actors to mask their identity. The combination of zero detections, recent creation date, and crypto-focused functionality creates a high-confidence threat profile.

If you visited zlon5.to, immediately disconnect your wallet and revoke any permissions granted. Check your transaction history for suspicious outbound transfers and report any losses to your wallet provider and local cybercrime authorities. Never approve wallet connections or enter seed phrases on unfamiliar sites. Use hardware wallets for additional protection and verify URLs through official channels before interacting with crypto platforms. Stay alert to domain age and SSL certificate details as these are common indicators of malicious sites.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2026-02-23 18:24:10
- Registrar: Government of Kingdom of Tonga
- IP: 172.67.216.70

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/45183a3b-f039-422f-a103-34dd93295311
- PhishDestroy: https://phishdestroy.io/domain/zlon5.to/
- LLM endpoint: https://phishdestroy.io/domain/zlon5.to/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/zlon5.to/

Last updated: 2026-03-28