# slonl5.cc — SUSPICIOUS

> PhishDestroy identifies slonl5.cc as a credential harvesting domain resolving to 188.114.96.3. This active site mimics login portals to steal user credentials.

## Summary
PhishDestroy has identified slonl5.cc as a credential-harvesting domain impersonating legitimate login portals to steal sensitive user information. This domain was flagged on February 18, 2026, and is currently active with zero detections on VirusTotal (0/95). Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, the domain resolves to IP 188.114.96.3 and holds a Let's Encrypt SSL certificate—features commonly exploited by threat actors to appear legitimate.  

Technical analysis reveals slonl5.cc is engineered to deceive users into entering credentials under the guise of a trusted service. The domain exhibits red flags such as recent creation (February 18, 2026) and low detection rates (0/95 on VirusTotal), indicating it has evaded immediate scrutiny. Additionally, the use of NICENIC INTERNATIONAL GROUP CO., LIMITED as the registrar and a Let's Encrypt SSL certificate suggests an attempt to appear authentic while hosting malicious infrastructure at 188.114.96.3. These factors contribute to a high-risk profile despite the current lack of widespread detection.  

If you or your organization has visited slonl5.cc, immediately cease interaction with the site and assess whether credentials were entered. Revoke any exposed passwords immediately and enable multi-factor authentication (MFA) on affected accounts. Report the domain to your IT security team and monitor accounts for unauthorized access. Organizations should consider blocking slonl5.cc and IP 188.114.96.3 at the network perimeter to prevent further exposure. Vigilance is critical, as this domain may be part of a broader campaign targeting login credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-18 22:32:48
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/238fcead-516c-4c48-98c5-9a47a51b6aa4
- PhishDestroy: https://phishdestroy.io/domain/slonl5.cc/
- LLM endpoint: https://phishdestroy.io/domain/slonl5.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/slonl5.cc/
Last updated: 2026-03-29