# slon--3--at.ru — SUSPICIOUS

> slon--3--at.ru is a currently active phishing domain (generic_phishing) that may pose as a legitimate service to steal user data.

## Summary
PhishDestroy identifies slon--3--at.ru as an active domain under generic phishing investigation, flagged with a unique seed of 2ce9c4. This domain poses a credible threat as it may be used to impersonate legitimate services, tricking users into divulging sensitive information such as login credentials or financial details. The threat actor behind this domain is likely using social engineering tactics to deceive victims into trusting the malicious site.  This domain was flagged with zero detections out of 95 VirusTotal scans, indicating a low initial detection rate despite its malicious intent. It resolves to IP address 205.185.113.136 and is registered through REGRU-RU, a common registrar used by threat actors to obscure their identities. The domain was created on February 28, 2026, which is notably recent, suggesting a rapidly deployed campaign. It also holds a valid SSL certificate from Let's Encrypt, further adding to its deceptive appearance as a legitimate service.  If you have visited slon--3--at.ru, immediately cease any interaction with the site and do not enter any personal or financial information. Check your device for signs of compromise, such as unusual network activity or unauthorized access. Report the domain to your IT security team or the appropriate authorities, such as CERT or local cybercrime units. Use reputable antivirus software to scan your system and consider resetting passwords for accounts that may have been exposed. Stay vigilant for follow-up phishing attempts, as threat actors often leverage compromised data for targeted attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-28 01:48:20
- Registrar: REGRU-RU
- IP: 205.185.113.136

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/afde288a-95ff-4739-9d21-8d443ed15f41
- PhishDestroy: https://phishdestroy.io/domain/slon--3--at.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon--3--at.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon--3--at.ru/
Last updated: 2026-03-28