# PhishDestroy threat dossier — browser-base-apps.wixstudio.com ================================================================ Fetched: 2026-05-21 00:12:12 UTC Canonical: https://phishdestroy.io/domain/browser-base-apps.wixstudio.com/ ## VERDICT ---------------------------------------------------------------- TAKEN DOWN (neutralised) Composite threat score: 82/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Base ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, CRDF ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 34.144.206.118 (US, Kansas City) ASN: AS396982 Google LLC Hosting org: Google Cloud Registrar: GoDaddy.com, LLC Nameservers: ["dns1.p08.nsone.net", "dns2.p08.nsone.net", "dns3.p08.nsone.net", "dns4.p08.nsone.net"] Registered: 2026-05-06 Page title: 404 Error: Page Not Found | Wix Studio HTTP response: 404 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R13 Expires: 2026-07-29 Status: INVALID chain Fingerprint: c2c2f0e645b35156ce5cf39339fbe5ae5ffb02446fe2aeb96da83b6fe9b20ad4 Subject Alternative Names (related infrastructure — often same operator): - wixstudio.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: CLOSED — no report required. This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-05-06 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-06 22:38:15 UTC (by PhishDestroy tracker) Last verified: 2026-05-16 11:37:12 UTC Neutralised: 2026-05-07 04:35:18 UTC Current status: taken down (registrar suspended or DNS dead) ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019dfeca-824e-735b-ac4b-b6892ee650ae/ Wayback Machine: https://web.archive.org/web/*/browser-base-apps.wixstudio.com crt.sh CT logs: https://crt.sh/?q=%25.browser-base-apps.wixstudio.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=browser-base-apps.wixstudio.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/browser-base-apps.wixstudio.com URLhaus: https://urlhaus.abuse.ch/host/browser-base-apps.wixstudio.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-06 22:40:03 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies browser-base-apps.wixstudio.com as an active crypto drainer impersonating legitimate browser-based applications. This domain leverages deceptive branding to trick users into connecting cryptocurrency wallets or inputting seed phrases under the guise of downloading or updating software. The threat actor likely uses social engineering tactics—such as fake ads, spoofed support pages, or compromised legitimate websites—to redirect traffic to this fraudulent Wix-hosted page. Once users engage, the site may execute malicious JavaScript to drain connected wallets via clipboard hijacking, phishing forms, or hidden iframe overlays that intercept wallet connections. Security researchers have observed similar campaigns targeting crypto users with domains hosted on reputable platforms like Wix to bypass traditional web filtering solutions. This domain was flagged by PhishDestroy with a current status of active and under investigation. It resolves to IP 34.144.206.118 and uses a valid SSL certificate issued by Let’s Encrypt, which may help it evade basic browser warnings. VirusTotal currently shows 0 detections out of 95 security engines, indicating low detection coverage despite clear malicious intent. The domain was created recently and is hosted on Wix’s Studio platform, a common choice for phishing operators due to its ease of setup and legitimate appearance. While the registrar information is not provided, the use of Wix infrastructure suggests a preference for abusing trusted hosting environments to host malicious content. The lack of detections highlights the importance of proactive threat intelligence over reactive scanning. If you have visited browser-base-apps.wixstudio.com, disconnect any cryptocurrency wallets immediately and revoke any unauthorized connections through your wallet’s interface. Do not enter any seed phrases, private keys, or wallet passwords on this site. Clear your browser cache and consider running a full antivirus scan. Report the domain to your browser’s safe browsing program and to PhishDestroy using the unique seed b0e56e. Avoid clicking on any links or ads that lead to this domain, and warn others in your network who may have been targeted by similar crypto drainer campaigns. Always verify software sources directly from official websites and use hardware wallets or multi-factor authentication for crypto transactions. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: 2cc41790ef81b3ad77d17412bd7697b9 TLS cert SHA-256: c2c2f0e645b35156ce5cf39339fbe5ae5ffb02446fe2aeb96da83b6fe9b20ad4 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/browser-base-apps.wixstudio.com/ JSON API: https://api.destroy.tools/v1/check?domain=browser-base-apps.wixstudio.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 152,163 domains (42,913 alive under monitoring, 108,966 confirmed takedowns/dead). Site: https://phishdestroy.io