# webzoominvite05za.us — SUSPICIOUS > PhishDestroy identifies webzoominvite05za.us as an active MetaMask phishing domain. Flagged by 1 of 95 vendors on VirusTotal. Check the full report. ## Summary PhishDestroy identifies the domain webzoominvite05za.us as an active MetaMask impersonation phishing campaign targeting cryptocurrency users. The campaign is currently operational and designed to deceive victims into revealing sensitive wallet credentials or transferring funds under false pretenses. This threat is classified as elevated due to its active status, the use of HTTPS, and its partial evasion of detection mechanisms. This domain was flagged by 1 of 95 VirusTotal security vendors, resolving to IP address 89.163.155.33 and registered through NameSilo, LLC. The domain was created on March 26, 2026, and appears on two public blocklists, indicating a recent and rapidly expanding campaign. The SSL certificate, issued by Let’s Encrypt, adds a veneer of legitimacy to the phishing site, while its low detection rate further highlights the sophistication of the operation. While this domain is already blocked by MetaMask and the SEAL security consortium, users should remain vigilant for similar campaigns leveraging impersonation tactics. PhishDestroy advises avoiding interactions with this domain and similar sites, verifying URLs before entering credentials, and using hardware wallets or phishing-resistant authentication methods. Organizations should update their threat intelligence feeds to include this domain and monitor for related infrastructure. Immediate action includes blocking the domain at network and endpoint levels. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-26 07:17:19 - Registrar: NameSilo, LLC - IP: 89.163.155.33 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/af578164-8d0b-47ab-b454-16aca029052a - PhishDestroy: https://phishdestroy.io/domain/webzoominvite05za.us/ - LLM endpoint: https://phishdestroy.io/domain/webzoominvite05za.us/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/webzoominvite05za.us/ Last updated: 2026-03-27