# slon2at4.ru — SUSPICIOUS

> slon2at4.ru is linked to credential theft attempts with 0/95 VirusTotal detections. Monitor closely and avoid interaction with this domain.

## Summary
PhishDestroy identifies slon2at4.ru as a domain involved in credential theft operations. While no specific brand impersonation or crypto draining kit has been conclusively tied to this domain, it is currently suspected of facilitating unauthorized credential harvesting. The threat is still under investigation to determine the full extent of its malicious activities.

Technical indicators for slon2at4.ru include a VirusTotal detection ratio of 0 out of 95, meaning none of the scanning engines have flagged it as malicious yet. The domain was registered through the REGRU-RU registrar and was created on March 11, 2026. It resolves to the IP address 205.185.113.136 and is secured with a Let's Encrypt SSL certificate. There are no current Google Safe Browsing (GSB) warnings or blocklist entries linked to this domain as of now.

The domain remains active and under close scrutiny. Despite the lack of detections or blocklist presence to date, its association with credential theft necessitates caution. Security teams are advised to monitor network traffic for any communications involving slon2at4.ru and to block or quarantine related access when detected. Users should be warned to avoid submitting sensitive information or credentials on this domain until further investigation completes and a final verdict is reached.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-11 01:36:17
- Registrar: REGRU-RU
- IP: 205.185.113.136

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ce936348-22d4-4e4b-afd5-2b2ada7aa6bb
- PhishDestroy: https://phishdestroy.io/domain/slon2at4.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon2at4.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon2at4.ru/
Last updated: 2026-03-28