# slon2----cc.vip — SUSPICIOUS > PhishDestroy identifies 'slon2----cc.vip' as a live phishing site posing as crypto drainer kit. Resolves to 199.217.99. ## Summary The domain slon2----cc.vip has been flagged by PhishDestroy as a generic phishing landing page actively impersonating legitimate cryptocurrency platforms. Intelligence indicates this domain leverages a drainer kit designed to silently siphon digital assets from unwitting users who engage with its fraudulent interfaces. The kit appears to be in active distribution, with no specific brand alignment detected yet, suggesting opportunistic targeting rather than a focused campaign against a single entity. Technical indicators confirm this domain resolves to IP 199.217.99.9 and was registered on April 01, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal currently reports 0/95 detection coverage, indicating zero sandbox or antivirus engines have flagged the sample as malicious. The domain holds a valid Let’s Encrypt SSL certificate, enhancing its credibility. Analysis via Google Safe Browsing (GSB) and public blocklists remains negative, with no prior associations to known malware families or phishing repositories. These indicators suggest a recently deployed, minimally documented campaign with evasion tactics still in early stages. As of today, slon2----cc.vip remains active and unblocked by major security vendors, with risk classification under active investigation. PhishDestroy recommends immediate network-level blocking of the domain and associated IP 199.217.99.9. Users are strongly advised to avoid any interaction with this domain, abstain from downloading files or engaging with its interfaces, and report any suspicious activity to their security teams. The low detection rate and fresh registration elevate the risk of successful compromise, warranting heightened vigilance. This advisory will be updated as additional intelligence emerges. Seed: f881fc ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-01 13:50:24 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 199.217.99.9 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/slon2----cc.vip - PhishDestroy: https://phishdestroy.io/domain/slon2----cc.vip/ - LLM endpoint: https://phishdestroy.io/domain/slon2----cc.vip/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/slon2----cc.vip/ Last updated: 2026-04-04