# PhishDestroy threat dossier — intro-startsapp.wixstudio.com ================================================================ Fetched: 2026-05-05 15:54:44 UTC Canonical: https://phishdestroy.io/domain/intro-startsapp.wixstudio.com/ ## VERDICT ---------------------------------------------------------------- ACTIVE THREAT — multiple warning signs Composite threat score: 59/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 4/95 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Cluster25, Gridinsoft, Webroot Public blocklists: listed on 2 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 199.15.163.135 (US, Denver) ASN: AS58182 Wix.com Ltd. Hosting org: Wix.Com, Inc. Registrar: REGISTRAR_NOT_FOUND Nameservers: NS_NOT_FOUND Registered: 2026-05-05 Page title: 404 Error: Page Not Found | Wix Studio HTTP response: 404 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-05-05 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-05 15:30:12 UTC (by PhishDestroy tracker) Last verified: 2026-05-05 17:25:34 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019df81c-46dd-74f6-acb8-d4bbedca9a97/ Wayback Machine: https://web.archive.org/web/*/intro-startsapp.wixstudio.com crt.sh CT logs: https://crt.sh/?q=%25.intro-startsapp.wixstudio.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=intro-startsapp.wixstudio.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/intro-startsapp.wixstudio.com URLhaus: https://urlhaus.abuse.ch/host/intro-startsapp.wixstudio.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-05 15:30:52 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies intro-startsapp.wixstudio.com as an active crypto drainer domain designed to steal user credentials and assets through phishing tactics. This Wix-based site mimics legitimate crypto applications to trick visitors into entering sensitive information such as wallet passwords or private keys. Upon interaction, the domain may redirect users to fraudulent login pages or prompt malicious downloads that compromise cryptocurrency holdings. The threat is elevated due to its current active status, indicating ongoing operations to deceive visitors. This domain was flagged by multiple security vendors, including PhishingArmy and OISD, with 4 out of 95 VirusTotal security engines detecting malicious activity. The domain resolves to IP address 199.15.163.135 and appears on 2 separate security blocklists, confirming its malicious reputation. SSL certificates issued by Let’s Encrypt suggest an attempt to appear legitimate, despite the underlying intent. While Wix is a legitimate hosting platform, threat actors frequently abuse its services to deploy fraudulent sites quickly and evade initial detection. Users who visited intro-startsapp.wixstudio.com should immediately check their cryptocurrency wallets for unauthorized transactions and revoke any permissions granted to connected apps. Do not enter any credentials, wallet addresses, or private keys on this domain. Clear browser cache and cookies, and consider using a reputable ad-blocker or security extension to prevent further exposure. Report the domain to your security provider and relevant online abuse teams to help reduce the spread of this threat. ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/intro-startsapp.wixstudio.com/ JSON API: https://api.destroy.tools/v1/check?domain=intro-startsapp.wixstudio.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 146,020 domains (62,097 alive under monitoring, 83,651 confirmed takedowns/dead). Site: https://phishdestroy.io