# slon2-at.vip — SUSPICIOUS

> slon2-at.vip is a live crypto-draining phishing site flagged by 0 of 95 VirusTotal vendors. IPs 199.217.99.9 host the drainer. Stop interaction now.

## Summary
PhishDestroy identifies slon2-at.vip as an active cryptocurrency-draining phishing domain currently under investigation for generic phishing activity targeting digital-asset users.

This domain was flagged by 0 of 95 VirusTotal vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 01, 2026, and resolves to IPv4 address 199.217.99.9. The site operates with a Let's Encrypt SSL certificate, indicating active HTTPS deployment despite zero detections at the time of writing. Historical telemetry shows no prior blocklist entries, placing it in a low-trust, high-risk state.

Status remains active and evolving; concrete mitigation requires immediate DNS and IP-based blocking of 199.217.99.9, alongside deactivation of any Let's Encrypt-issued certificates linked to slon2-at.vip. Security teams should additionally flag the domain’s creation timestamp (2026-04-01) as anomalous given current calendar time, and monitor for downstream credential or wallet-drainage reports. Until takedown occurs, treat all interactions with slon2-at.vip as hostile and capable of exfiltrating private keys or mnemonic phrases.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-01 13:50:47
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 199.217.99.9

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/slon2-at.vip
- PhishDestroy: https://phishdestroy.io/domain/slon2-at.vip/
- LLM endpoint: https://phishdestroy.io/domain/slon2-at.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon2-at.vip/
Last updated: 2026-04-04