# startfrom-slna.run — SUSPICIOUS

> PhishDestroy identifies startfrom-slna.run as a live credential-harvesting site. This Let's Encrypt domain, created March 17 2026, foists fake login forms.

## Summary
PhishDestroy identifies startfrom-slna.run as posing an elevated risk of credential theft via a generic phishing campaign.

This domain was flagged by 1 of 95 VirusTotal scanners, registered through PDR Ltd. d/b/a PublicDomainRegistry.com and resolving to IP 172.67.172.243. It went live on March 17 2026 and holds a Let’s Encrypt SSL certificate, yet carries negligible trust across blocklists and security services.

Users should treat startfrom-slna.run as hostile and refrain from any form submissions. Block the domain at DNS or firewall level and clear cookies related to the site if accidentally visited. Report the domain to your security team and nearest anti-phishing clearinghouse to prevent further exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 14:11:45
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.172.243

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5367b424-561a-41b7-9644-1c821476bf0a
- PhishDestroy: https://phishdestroy.io/domain/startfrom-slna.run/
- LLM endpoint: https://phishdestroy.io/domain/startfrom-slna.run/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/startfrom-slna.run/
Last updated: 2026-03-22