# slon2market.cc — MALICIOUS

> slon2market.cc poses phishing risks. Avoid sharing personal info and verify site legitimacy to stay safe online.

## Summary
PhishDestroy identifies slon2market.cc as a medium-risk phishing domain, designed to deceive users through a seemingly legitimate marketplace interface titled "KRA - всегда свежие продукты в нашем маркете." The domain aims to trick visitors into divulging sensitive personal or financial information under the guise of offering fresh products. This generic phishing threat is notable for its active status and continued attempts to lure unsuspecting users.

Technical analysis reveals that slon2market.cc was registered recently on March 11, 2026, through NiceNIC International Group Co., Limited, a registrar sometimes associated with suspicious domain registrations. The domain resolves to IP address 89.34.230.250 and has been flagged in one security blocklist, with 7 out of 95 security engines on VirusTotal marking it as suspicious. This infrastructure points to a coordinated effort to maintain accessibility while evading detection mechanisms.

Currently, slon2market.cc remains operational and continues posing risks to internet users. PhishDestroy strongly recommends that users avoid interacting or submitting any information on this site. Security professionals should consider adding this domain to their phishing blocklists and monitor for related infrastructure. Always verify the authenticity of marketplaces and exercise caution when encountering newly registered or flagged domains with active phishing activity.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: KRA - всегда свежие продукты в нашем маркете

## Domain Intelligence
- Registered: 2026-03-11 19:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 89.34.230.250
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS207847 CloudBlast LLC
- Nameservers: ["a.dnspod.com", "c.dnspod.com"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ced27-f452-7798-8d76-15b0e21d759d.png
- PhishDestroy: https://phishdestroy.io/domain/slon2market.cc/
- LLM endpoint: https://phishdestroy.io/domain/slon2market.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon2market.cc/
Last updated: 2026-03-19