# slon3cc-l.ru — SUSPICIOUS

> The domain slon3cc-l.ru is a generic phishing site with 0/95 VirusTotal detections. Avoid interacting with it to prevent credential theft or malware exposure.

## Summary
PhishDestroy identifies the domain slon3cc-l.ru as a generic phishing host currently under investigation for active malicious activities. The domain is not yet flagged by security vendors but poses a credible threat, warranting immediate scrutiny by SOC teams and users alike. No specific brand impersonation has been confirmed at this stage, and the threat classification remains under evaluation pending further evidence of targeted lures or infrastructure overlap.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest analysis, indicating a low detection rate despite its malicious potential. The domain was registered through REGRU-RU on March 08, 2026, and resolves to the IP address 205.185.113.136, which hosts a Let’s Encrypt SSL certificate. Its recent creation date and clean reputation across current threat intelligence feeds suggest it may be a newly deployed resource, possibly leveraging short-lived infrastructure to evade detection. No entries were found on any major blocklists at the time of assessment, and its trust scores across platforms like VirusTotal, URLVoid, and DomainTools remain neutral or undeveloped.


Given its active status and low detection coverage, slon3cc-l.ru represents an emerging threat that could escalate rapidly. Users are advised to block the domain at the network perimeter and DNS level using indicators such as the domain name, associated IP (205.185.113.136), and SSL certificate fingerprint if available. SOC teams should monitor this domain for shifts in detection coverage, DNS changes, or new associations with known malicious IPs or ASNs. Implement strict email filtering rules to quarantine messages containing slon3cc-l.ru or its subdomains, and conduct enhanced user awareness training to mitigate the risk of credential harvesting campaigns. This advisory will be updated as additional intelligence becomes available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-08 01:22:33
- Registrar: REGRU-RU
- IP: 205.185.113.136

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/de5bb86b-8cdb-497e-b9e3-2177cb8a31c5
- PhishDestroy: https://phishdestroy.io/domain/slon3cc-l.ru/
- LLM endpoint: https://phishdestroy.io/domain/slon3cc-l.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon3cc-l.ru/
Last updated: 2026-03-28