# us05-webzoom.us — SUSPICIOUS

> us05-webzoom.us is a crypto drainer posing as a Zoom webinar host. VirusTotal flags 3/95 security vendors. Avoid this site completely.

## Summary
PhishDestroy identifies us05-webzoom.us as a crypto drainer actively impersonating a legitimate Zoom webinar platform to steal cryptocurrency funds. This domain mimics familiar video conferencing interfaces to trick users into connecting wallets or entering seed phrases, enabling unauthorized transfers from victim-controlled addresses. Security researchers and browser extensions like MetaMask have already flagged this domain as malicious, confirming its role in active cryptocurrency theft campaigns.  This domain was flagged by 3 out of 95 VirusTotal security vendors, registered through Cloudflare on March 24, 2026, and appears on multiple blocklists. The domain resolves to IP address 172.67.214.85 and holds a valid Let’s Encrypt SSL certificate, which may lend false legitimacy to unsuspecting users. Its recent creation date and association with Cloudflare registration suggest a short-lived campaign designed for rapid deployment and evasion of early detection systems.  If you visited us05-webzoom.us, immediately disconnect your wallet from any connected applications and revoke permissions through your wallet provider’s security settings. Do not enter any credentials or approve transactions. Run a full antivirus scan and clear browser cache and cookies. Report the domain to your antivirus provider and consider using a hardware wallet for future transactions to mitigate risk of unauthorized access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 22:31:03
- Registrar: Cloudflare, Inc.
- IP: 172.67.214.85

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/05f2b7c5-ed43-4a05-84eb-db59a5f220bc
- PhishDestroy: https://phishdestroy.io/domain/us05-webzoom.us/
- LLM endpoint: https://phishdestroy.io/domain/us05-webzoom.us/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us05-webzoom.us/
Last updated: 2026-03-27