# slon4.net — SUSPICIOUS

> slon4.net is a newly registered domain (Feb 16, 2026) acting as a generic phishing lure, with 4/95 security vendors flagging it.

## Summary
PhishDestroy identifies slon4.net as an active generic phishing domain leveraging deceptive tactics to steal credentials or sensitive data. While no specific brand or drainer kit is directly associated with this domain in current threat feeds, its rapid registration (February 16, 2026) and minimal security vendor coverage (4/95) suggest opportunistic malicious intent. The absence of a branded decoy implies a broader, untargeted campaign aimed at broad victim pools rather than high-value entities.  This domain resolves to IP 188.114.97.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Security vendor detection remains low at 4/95, indicating limited visibility in threat intelligence platforms. The domain holds a valid SSL certificate issued by Let’s Encrypt, potentially enhancing its credibility to unsuspecting users. With a creation date only days ago, its lack of historical trust data amplifies risk—especially when combined with the absence of inclusion in major blocklists or Google Safe Browsing (GSB) at this time.  As of now, slon4.net remains active and poses an elevated risk due to its fresh registration and low detection baseline. Immediate defensive actions include adding the domain and its resolved IP (188.114.97.3) to organizational blocklists, disabling SSL inspection bypass where applicable, and alerting end users to avoid interaction. While the immediate threat can be mitigated through proactive blocking, the domain’s short operational history leaves open the possibility of rapid evolution or shift in infrastructure. Continuous monitoring remains essential to detect secondary infrastructure or changes in campaign targeting.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-16 12:10:43
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f60a4a5b-5555-4a2f-917f-0aa72ae7a660
- PhishDestroy: https://phishdestroy.io/domain/slon4.net/
- LLM endpoint: https://phishdestroy.io/domain/slon4.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slon4.net/
Last updated: 2026-03-28