# zoom6.sbs — SUSPICIOUS

> zoom6.sbs is a high-risk URL shortener that steals login credentials. VirusTotal flags only 1 of 95 engines, leaving most unaware.

## Summary
PhishDestroy identifies zoom6.sbs as an active credential-stealing phishing portal impersonating a URL shortener service. The domain leverages a deceptive UI to harvest victims’ account details under the guise of shortening links, likely targeting users expecting legitimate Zoom-related resources. No known brand or drainer kit was directly observed in public sandboxes, but the service’s behavior aligns with generic credential phishing operations observed across similar rogue shorteners.


Technical indicators confirm high risk: the domain resolves to IP 172.67.189.199, is registered through NAMECHEAP INC, and carries a Let’s Encrypt SSL certificate. PhishDestroy notes that zoom6.sbs was created on April 11, 2026, and currently shows a VirusTotal detection score of 1/95 security vendors. The domain is not flagged by Google Safe Browsing and is not widely listed on public blocklists, increasing its potential reach into unsuspecting user traffic.


Current status of zoom6.sbs remains active and unblocked across major browsers and networks. No direct takedown has been recorded by hosting providers or registrars. Immediate action is required: users should avoid visiting the site, report it to their security teams, and configure network defenses to block both the domain and IP. Remaining risk is high due to low detection coverage, unpatched user awareness, and minimal blocklist presence. Proactive blocking is strongly recommended to prevent account compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Page title: zoom6.sbs URL Shortener

## Domain Intelligence
- Registered: 2026-04-11 18:21:44
- Registrar: NAMECHEAP INC
- IP: 172.67.189.199

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cd3b2437-eced-4a9e-a884-0d0a657cab56
- PhishDestroy: https://phishdestroy.io/domain/zoom6.sbs/
- LLM endpoint: https://phishdestroy.io/domain/zoom6.sbs/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/zoom6.sbs/
Last updated: 2026-04-13