# en-exdus.wixstudio.com — SUSPICIOUS > en-exdus.wixstudio.com is a fake login portal stealing credentials. Flagged by 2 of 95 VirusTotal scanners, it resolves to IP 34.144.206.118. ## Summary PhishDestroy identifies en-exdus.wixstudio.com as an active phishing site hosting a counterfeit login page designed to harvest usernames and passwords. Threat actors register look‑alike domains, mimic legitimate services, and trick visitors into entering credentials which are immediately harvested for account takeovers, identity theft, or sold on dark‑web markets. This domain was created to impersonate a trusted platform and currently remains online, serving malicious content to unsuspecting users. This domain was flagged by exactly 2 of 95 VirusTotal security vendors at the time of analysis and resolves to IP address 34.144.206.118. It uses a Let’s Encrypt SSL certificate to appear legitimate, but the mismatch between the domain name and the hosted service, combined with the low detection rate, indicates a newly deployed or carefully obfuscated threat. The low VT score does not reflect safety; it often signals that detection engines have not yet updated signatures for this specific payload. If you visited en-exdus.wixstudio.com and entered any login credentials, immediately change those passwords on the real service and enable multi‑factor authentication. Scan your device with updated antivirus software, check for unauthorized logins, and consider revoking any browser‑saved sessions tied to the stolen credentials. Report the incident to your organization’s security team or to the legitimate platform’s abuse desk. Do not re‑enter credentials on this domain under any circumstances. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3c2e0562-e835-45bc-9984-47cb2c397cf0 - PhishDestroy: https://phishdestroy.io/domain/en-exdus.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/en-exdus.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-exdus.wixstudio.com/ Last updated: 2026-03-23