# slon2.cc — MALICIOUS

> slon2.cc linked to credential phishing with a 10/95 VirusTotal detection rate. Immediate scan advised. Check the full report.

## Summary
PhishDestroy identifies slon2.cc as an active credential-phishing domain operating under an elevated threat classification. The domain mirrors branding consistent with the slon3.cc family, indicating a coordinated campaign targeting user credentials under the guise of a legitimate login portal. No specific drainer kit fingerprint has been isolated, though the page title and domain alignment suggest a clone-and-hijack strategy common in credential harvesting operations.  

This domain resolves to IP 104.26.1.79 and was registered on February 11, 2026 via Web Commerce Communications Limited dba WebNic.cc. A Let's Encrypt SSL certificate is in use, and VirusTotal analysis shows 10 out of 95 security vendors flagged slon2.cc as malicious. The domain has not yet been processed by Google Safe Browsing (GSB), and public blocklist records indicate no prior detections, demonstrating a recently deployed infrastructure.  

Currently active, slon2.cc remains unblocked across major browsers and security platforms. Immediate containment actions include network-level blocking via firewall rules targeting 104.26.1.79 and domain denial within DNS sinkholes. Users are advised to avoid accessing this domain and verify all login URLs manually. Despite these measures, the risk remains elevated due to the domain's youth and untracked status, necessitating heightened monitoring and user awareness campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Page title: slon3.cc

## Domain Intelligence
- Registered: 2026-02-11 15:09:22
- Registrar: Web Commerce Communications Limited dba WebNic.cc
- IP: 104.26.1.79

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a8d8d51e-1e2f-41b6-9197-b3a7be46cfab
- PhishDestroy: https://phishdestroy.io/domain/slon2.cc/
- LLM endpoint: https://phishdestroy.io/domain/slon2.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon2.cc/
Last updated: 2026-03-28