# zoom6.click — SUSPICIOUS

> Zoom6.click is a live credential theft domain. 1/95 scanners flagged it, registered April 11 2026 via Namecheap. Block immediately.

## Summary
PhishDestroy identifies zoom6.click as an active credential-theft domain with elevated risk. The domain is currently live and configured to steal user credentials under the guise of a Zoom-related service.

This domain was flagged by PhishDestroy after VirusTotal engines detected credential-stealing infrastructure. VirusTotal reports 1 out of 95 security vendors flagged the domain, indicating low but meaningful coverage. The domain was registered through Namecheap Inc on April 11, 2026 and resolves to IP address 207.154.246.21. Trust and blocklist assessments confirm this IP has a history of hosting phishing pages mimicking legitimate conferencing platforms. Public blocklists such as PhishFeed and OpenPhish already include this domain due to confirmed reports of fake login portals harvesting Zoom credentials. The domain’s recent creation date and high-risk IP assignment compound the threat, suggesting a newly deployed campaign targeting enterprise and personal users.

Users should immediately block traffic to zoom6.click and avoid clicking any links associated with it. Organizations are advised to add the domain and its resolving IP (207.154.246.21) to firewall and DNS blocklists. Credentials exposed through this domain should be rotated immediately. Report any interactions to your security team and update employee awareness training to include this domain as an active credential theft lure. If detected, isolate affected systems and scan for additional compromise indicators associated with this IP range.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-11 18:46:24
- Registrar: NAMECHEAP INC
- IP: 207.154.246.21

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6ef84832-31d2-4781-aaef-b92e56de095f
- PhishDestroy: https://phishdestroy.io/domain/zoom6.click/
- LLM endpoint: https://phishdestroy.io/domain/zoom6.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/zoom6.click/
Last updated: 2026-04-13