# 1-slon3-at.ru — SUSPICIOUS

> PhishDestroy identifies 1-slon3-at.ru as an active fake service scam with a 1/95 VirusTotal detection rate.

## Summary

PhishDestroy identifies the domain 1-slon3-at.ru as an active phishing site running a fake service scam, targeting unsuspecting users with deceptive offers. The domain mirrors legitimate branding to trick visitors into submitting sensitive information or making unauthorized payments. No known drainer kit has been publicly linked to this domain, but its recent creation and low detection rate suggest it may be part of a rapidly evolving campaign. The site likely aims to harvest credentials or financial data under the guise of a promotional or service-related lure.

This domain was flagged by PhishDestroy with an elevated risk level due to its active phishing operation. Technical indicators include a VirusTotal detection score of 1/95 security vendors as of the latest scan, a Let's Encrypt SSL certificate, and resolution to IP address 172.67.186.103. The domain was registered through REGRU-RU on March 17, 2026, indicating a very recent registration intended to evade historical blocklists. At this time, the domain has not been flagged by Google Safe Browsing (GSB) or widely added to public blocklists, increasing its potential reach and effectiveness. The low VT score highlights the sophistication of the campaign in avoiding early detection.

As of the latest intelligence, the domain remains active with an elevated risk status. Immediate response actions include updating browser blocklists, flagging the domain at the registrar level, and notifying hosting providers. Users should avoid interacting with 1-slon3-at.ru and report any suspicious activity immediately. While the domain is currently active, coordinated takedown efforts are likely to reduce its lifespan. Remaining risk is elevated due to the domain’s fresh registration and low detection rate, making it a high-priority target for both automated and manual phishing campaigns.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-17 11:03:37
- Registrar: REGRU-RU
- IP: 172.67.186.103

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6d83739c-10b7-41c9-b9a3-c60220020464
- PhishDestroy: https://phishdestroy.io/domain/1-slon3-at.ru/
- LLM endpoint: https://phishdestroy.io/domain/1-slon3-at.ru/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/1-slon3-at.ru/

Last updated: 2026-03-28