# slon11c.cc — MALICIOUS

> slon11c.cc is flagged for fake login phishing with 5/95 VT detections. Users should verify its status on PhishDestroy before interacting.

## Summary
PhishDestroy identifies slon11c.cc as an active phishing domain specifically involved in fake login scams designed to steal user credentials. There is no direct indication of a specific brand impersonation or crypto drainer kit associated with this domain, but the generic phishing threat type suggests attempts to obtain sensitive login information through fraudulent means.

From a technical perspective, slon11c.cc has a VirusTotal detection rate of 5 out of 95 security vendors, indicating that some security tools recognize it as malicious though it may evade others. The domain was created on February 18, 2026, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It uses a free SSL certificate issued by Let's Encrypt, which is commonly used in phishing as a means to appear legitimate. The domain resolves to IP address 104.21.1.128. While there is no specific mention of Google Safe Browsing (GSB) status or blocklist count in the reported data, the domain's presence in virus scanning engines confirms an elevated risk.

Currently, slon11c.cc remains active and continues to pose a threat to users who might interact with its fake login pages. It is strongly advised that internet users avoid visiting the domain and verify any suspicious links or login requests on trusted platforms such as PhishDestroy. Security teams should consider blocking this domain at the network level and continue monitoring for updated intelligence, as the threat from phishing domains can rapidly evolve and lead to credential theft and account compromises.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-18 23:37:43
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.1.128

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4a834872-ad01-4e71-8069-d274037ddef3
- PhishDestroy: https://phishdestroy.io/domain/slon11c.cc/
- LLM endpoint: https://phishdestroy.io/domain/slon11c.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon11c.cc/
Last updated: 2026-03-28