# emansaridin.live — SUSPICIOUS > PhishDestroy warns: emansaridin.live impersonates the Zoom Workplace login page to steal credentials. Verify this domain before clicking — 0/95 VirusTotal. ## Summary PhishDestroy identifies emansaridin.live as a suspected phishing domain impersonating the Zoom Workplace login interface to harvest user credentials. The domain carries an under-investigation risk level and exhibits behavior consistent with generic phishing attacks targeting remote communication platform users. Technical analysis reveals multiple red flags including mismatched branding, recently registered domain age, and reliance on a well-known but misused registrar infrastructure. This domain was flagged based on several critical indicators. VirusTotal shows 0 out of 95 detection engines flagging this host as malicious, indicating it currently sits below standard detection thresholds despite suspicious behavior. The domain resolves to IP 15.197.225.128 using infrastructure associated with GoDaddy.com, LLC, a common registrar leveraged in both legitimate and malicious domain registrations. Registered just days ago on January 17, 2025, the domain appears freshly minted, a tactic often used in credential harvesting campaigns to avoid historical reputation filtering. Although SSL is enabled via GoDaddy-issued certificate, this does not validate legitimacy as certificates are easily obtainable. The title “Join from Zoom Workplace app - Zoom” mirrors official Zoom communication templates to deceive users into entering login credentials on a fraudulent interface. Immediate mitigation is required to prevent credential theft. Users should never enter login credentials on unfamiliar domains, especially those resembling Zoom or other collaboration tools. Verify URLs using PhishDestroy or other trusted scanners before interaction. Organizations should update DNS filtering rules to block traffic to 15.197.225.128 and monitor for any unauthorized access attempts using Zoom or related services. Since the domain is not yet widely blocked, proactive verification remains the most effective defense against this evolving phishing threat. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: Join from Zoom Workplace app - Zoom ## Domain Intelligence - Registered: 2025-01-17 22:19:25 - Registrar: GoDaddy.com, LLC - IP: 15.197.225.128 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/be0ec6de-c1c9-49fc-b17b-19fe46a16064 - PhishDestroy: https://phishdestroy.io/domain/emansaridin.live/ - LLM endpoint: https://phishdestroy.io/domain/emansaridin.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/emansaridin.live/ Last updated: 2026-03-28