# slon12at.com — SUSPICIOUS

> Stay safe online by avoiding slon12at.com, a phishing site. Do not enter personal info and report suspicious activity immediately.

## Summary
PhishDestroy has identified slon12at.com as an active phishing domain with a medium risk level. The domain is involved in generic phishing attacks, aiming to deceive users into divulging sensitive information such as login credentials or personal data.

Analysis reveals that slon12at.com was registered on March 13, 2026, through NiceNIC International Group Co., Limited. It resolves to IP address 104.21.85.220 and currently remains active. VirusTotal flags this domain with 3 out of 95 security vendors marking it as suspicious. Additionally, the domain appears on one security blocklist, reinforcing its malicious intent. The page title found, "slon12.at," suggests an attempt to mimic a legitimate site to trick users.

Users are advised to avoid accessing slon12at.com and refrain from submitting any personal or financial information on this site. Organizations should update their blocklists and monitor network traffic for connections to this domain. PhishDestroy continues to track slon12at.com’s status as it remains a potential threat in the phishing landscape.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 200)
- Page title: slon12.at

## Domain Intelligence
- Registered: 2026-03-13 03:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.85.220
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: blair.ns.cloudflare.com lochlan.ns.cloudflare.com
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce540-021b-77c0-afad-9fe0791628f1.png
- PhishDestroy: https://phishdestroy.io/domain/slon12at.com/
- LLM endpoint: https://phishdestroy.io/domain/slon12at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon12at.com/
Last updated: 2026-03-19