# us05web.zoom.us — SUSPICIOUS > PhishDestroy identifies us05web.zoom.us as a Zoom-themed phishing domain with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies us05web.zoom.us as an active domain currently under investigation for generic phishing activity designed to mimic legitimate Zoom webinar and meeting login pages. This domain leverages the trusted Zoom.us subdomain framework to deceive users into entering their credentials under the false pretense of joining a scheduled online event or webinar. The use of a legitimate-looking subdomain (us05web.zoom.us) combined with the absence of immediate detection by security engines poses a credible threat to users accustomed to relying on Zoom-branded domains for professional and personal communications. This domain exhibits several concerning attributes that warrant heightened vigilance. VirusTotal currently returns 0 detections out of 95 scanning engines, indicating that traditional antivirus and security platforms have not yet recognized this domain as malicious. The SSL certificate is issued by DigiCert Inc, a reputable Certificate Authority, which may further enhance its perceived legitimacy among users. However, the presence of a valid SSL certificate does not confirm the domain's safety, as threat actors frequently exploit trusted authorities to cloak malicious intent. Further investigation reveals that the domain resolves to infrastructure associated with Zoom’s legitimate services, suggesting possible abuse of Zoom’s subdomain delegation policy. While the exact creation date and registrar information are not disclosed in the provided intelligence, the lack of blocklist presence and low detection rate on VirusTotal suggests this domain may be newly leveraged or recently weaponized. Security researchers are advised to monitor this domain closely as it may be part of a larger campaign targeting users during periods of increased remote collaboration. To mitigate the risk associated with us05web.zoom.us, users and organizations are strongly encouraged to adopt multi-layered defensive measures. First, verify the legitimacy of any Zoom meeting or webinar link by cross-referencing the meeting ID and host details via the official Zoom application or website before entering credentials. Never rely solely on visual cues such as SSL certificates or subdomain structure. Second, enable multi-factor authentication (MFA) on all Zoom accounts to add an additional layer of security in the event credentials are compromised. Third, implement DNS filtering and browser-based protections that can block access to newly registered or low-reputation domains mimicking trusted services. Finally, report suspicious domains to cybersecurity teams and contribute anonymized telemetry to threat intelligence platforms to enhance collective defense. Given the current status of under investigation and the absence of automated detection, manual scrutiny and proactive user education remain critical in preventing successful phishing attacks via this domain. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cd937a73-7d28-439a-be60-dddce2c2bb87 - PhishDestroy: https://phishdestroy.io/domain/us05web.zoom.us/ - LLM endpoint: https://phishdestroy.io/domain/us05web.zoom.us/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/us05web.zoom.us/ Last updated: 2026-03-22