# slon------2-at.ru — SUSPICIOUS

> The slon------2-at.ru domain (created March 2026) is hosting fake login pages to harvest credentials. Check the full report.

## Summary

PhishDestroy identifies slon------2-at.ru as a live credential harvesting domain operating under an active phishing campaign seed c2286b. This domain delivers counterfeit login interfaces designed to trick visitors into surrendering credentials under the guise of a legitimate service. VirusTotal currently flags 0 out of 95 scanning vendors, indicating it has yet to be widely recognized as malicious. The domain was registered through RU-CENTER-RU on March 11, 2026, uses a Let’s Encrypt SSL certificate, and resolves to IP address 185.212.128.10, which shows no prior listing on major threat blocklists. While the campaign remains under investigation, the absence of detections and the recent registration timeline suggest evolving infrastructure. Organizations are advised to block outbound connections to slon------2-at.ru and inspect DNS logs for queries resolving to 185.212.128.10 to prevent potential credential theft or follow-on compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-11 16:19:30
- Registrar: RU-CENTER-RU
- IP: 185.212.128.10

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/916dee58-04f1-4748-a4f1-48872239b076
- PhishDestroy: https://phishdestroy.io/domain/slon------2-at.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon------2-at.ru/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/slon------2-at.ru/

Last updated: 2026-03-28