# zeus.028426.com — MALICIOUS

> zeus.028426.com is a credential theft domain flagged by 16/95 VirusTotal scanners. Act now to block this active threat.

## Summary

PhishDestroy identifies zeus.028426.com as a credential theft domain actively deployed in phishing campaigns. The infrastructure mimics trusted login portals to harvest user credentials, posing a direct risk to individuals and organizations. No evidence suggests association with a specific brand or drainer kit; however, the domain’s operational pattern indicates opportunistic targeting across multiple sectors. Users should avoid interaction and report any exposure immediately.

Domain analysis reveals zeus.028426.com was created on January 12, 2017, and is currently registered through MarkMonitor, Inc. The domain resolves to IP 52.204.246.179 and is secured with a Let's Encrypt SSL certificate. According to VirusTotal, the domain is flagged by 16 out of 95 security vendors. It is also blocked by Google Safe Browsing (GSB) and appears on one additional security blocklist, indicating moderate detection and blocking coverage. The domain’s age and legitimate-looking registration details suggest an attempt to evade early-stage detection mechanisms.

As of the latest assessment, zeus.028426.com remains active and classified with an elevated risk level. While 16 vendors flag the domain, the remaining 79 do not, implying partial visibility in security ecosystems. Immediate remediation includes blocking the domain at network and endpoint levels, inspecting DNS logs for past resolutions, and educating users to avoid entering credentials on untrusted sites. Despite active blocking by GSB and one security vendor, the domain’s longevity and low blocklist count underscore a persistent evasion capability. Remaining risk is elevated due to potential delayed detection and user misjudgment in recognizing subtle impersonation tactics.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2017-01-12 18:03:41
- Registrar: MarkMonitor, Inc.
- IP: 52.204.246.179

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["PhishingDB"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/zeus.028426.com
- PhishDestroy: https://phishdestroy.io/domain/zeus.028426.com/
- LLM endpoint: https://phishdestroy.io/domain/zeus.028426.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/zeus.028426.com/

Last updated: 2026-04-07