# at-slon4.cc — SUSPICIOUS

> at-slon4.cc is a Microsoft 365 login phishing page hosted on Let's Encrypt SSL. Check the full report.

## Summary
PhishDestroy identifies at-slon4.cc as an active phishing domain designed to steal Microsoft 365 login credentials. The site mimics a corporate authentication portal, tricking visitors into entering their work or personal email passwords. Once submitted, stolen credentials are harvested by attackers for account takeovers, data theft, or further phishing campaigns against contacts in the victim's address book. This domain was specifically observed in a credential-harvesting campaign targeting employees with spoofed Office 365 login pages.

The domain was registered on February 18, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolved to IP address 188.114.96.3. Security vendor analysis shows only 2 out of 95 engines detected malicious activity via VirusTotal, highlighting how new and evasive this threat is. Use of a Let's Encrypt SSL certificate adds false legitimacy, making the phishing page appear secure and trustworthy at first glance.

If you visited at-slon4.cc and entered any login details, immediately change your password on the legitimate Microsoft 365 portal and enable multi-factor authentication. Scan your device with an updated antivirus tool and monitor your email and financial accounts for suspicious activity. Report the incident to your IT department or security team if it was work-related. Never reuse the exposed password on other accounts, as attackers may attempt credential stuffing across platforms. Consider using a password manager to prevent reuse and enable breach alerts for early warnings of compromised credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-18 22:01:34
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cc3cc399-23f5-429e-9c3b-9b8c3a429661
- PhishDestroy: https://phishdestroy.io/domain/at-slon4.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-slon4.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-slon4.cc/
Last updated: 2026-03-28