# get-started-en-us.wixstudio.com — SUSPICIOUS

> PhishDestroy identifies get-started-en-us.wixstudio.com hosting a fake 'Get Started' phishing page. 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy’s automated pipeline flagged get-started-en-us.wixstudio.com as the staging point for a fraudulent ‘Get Started’ landing page designed to harvest user credentials and payment data. The subdomain leverages WixStudio’s legitimate infrastructure to lend an air of authenticity, luring victims with a spoofed onboarding flow that mirrors real service portals. No known brand or drainer kit fingerprint has been extracted yet; the payload appears generic, suggesting opportunistic credential harvesting rather than a highly targeted operation. The low-fidelity page structure and absence of well-known malware artifacts indicate this is likely an early-stage campaign still under refinement.  

Technical indicators confirm the domain resolves to IP 34.144.206.118 and is served over a valid Let’s Encrypt SSL certificate, which may be intended to bypass browser security warnings. VirusTotal currently shows 0/95 detections, indicating the domain has not yet been widely blacklisted or flagged by antivirus engines. Historical WHOIS data indicates the domain was created recently, aligning with the campaign’s apparent infancy. The registrar is Cloudflare, Inc., and the domain is not currently blocked by Google Safe Browsing (GSB) or any major public blocklists, leaving it accessible to potential victims. These factors combine to create a transient but active threat vector with a high likelihood of successful deception in the short term.  

The domain remains active as of the latest scan, and PhishDestroy has escalated it to the investigation queue for deeper behavioral and code analysis. Users are advised to avoid clicking links from unsolicited emails or messages referencing onboarding or account activation. Organizations should block the domain at the network perimeter and update endpoint rules to detect traffic to 34.144.206.118. Remaining risk is assessed as under investigation, with potential for rapid escalation if additional payloads or victim data are uncovered. Continuous monitoring is in effect to track lateral movement or infrastructure expansion.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/get-started-en-us.wixstudio.com
- PhishDestroy: https://phishdestroy.io/domain/get-started-en-us.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/get-started-en-us.wixstudio.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-started-en-us.wixstudio.com/
Last updated: 2026-04-05