# desktopapps.wixstudio.com — SUSPICIOUS

> desktopapps.wixstudio.com is weaponized for Microsoft 365 credential harvesting. Only 0 of 95 VirusTotal engines detected it. Check the full report.

## Summary
PhishDestroy identifies an active credential-harvesting campaign leveraging desktopapps.wixstudio.com. The Wix-hosted subdomain is currently serving a spoofed Microsoft 365 login portal designed to capture corporate email credentials. Threat status remains active as of seed 2bd4a4.  This domain is flagged by 0 of 95 VirusTotal vendors and resolves to IPv4 address 34.144.206.118 via Let’s Encrypt TLS certificate. The subdomain was created 2024-03-14, registered by Wix.com Ltd. with a current blocklist count of zero and low trust scores across major reputation services.  PhishDestroy assesses the campaign as moderately sophisticated due to Wix CDN hosting and HTTPS encryption. Immediate action is required: block inbound and outbound traffic to 34.144.206.118 and desktopapps.wixstudio.com at perimeter and endpoint layers, inspect DNS logs for CNAME resolutions, and reset any exposed passwords. Continue monitoring as the campaign evolves around seed 2bd4a4.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/desktopapps.wixstudio.com
- PhishDestroy: https://phishdestroy.io/domain/desktopapps.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/desktopapps.wixstudio.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desktopapps.wixstudio.com/
Last updated: 2026-04-03