# io-en-starts.wixstudio.com — SUSPICIOUS > io-en-starts.wixstudio.com hosts a Microsoft-themed phishing page, active with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies io-en-starts.wixstudio.com as a recently active phishing domain impersonating Microsoft login portals, likely leveraging a generic drainer kit to harvest credentials. The domain’s structure suggests a staged attack, with the WixStudio hosting service exploited to deploy the fraudulent content under the guise of a legitimate platform. While the specific drainer kit remains unverified, the page’s naming convention (io-en-starts) aligns with common phishing tactics mimicking Microsoft’s authentication flows. No affiliation with Microsoft or Wix has been confirmed, reinforcing its malicious intent. Technical indicators reveal a stealthy configuration: the domain resolves to IP 34.144.206.118 and operates under a Let’s Encrypt SSL certificate, which may lull victims into a false sense of security. VirusTotal currently flags the domain with 0/95 detections, indicating it has evaded signature-based defenses thus far. The domain’s registrar remains undisclosed in public records, and its creation date is pending further OSINT analysis. Google Safe Browsing (GSB) has not yet flagged the domain, and it does not appear on major blocklists like PhishTank or OpenPhish. This combination of low detection rates and absent blocklist entries underscores a heightened risk of successful exploitation. As of this advisory, io-en-starts.wixstudio.com remains active and under active threat investigation. PhishDestroy recommends immediate network-level blocking of the associated IP (34.144.206.118) and domain to mitigate potential compromise. Users should exercise heightened scrutiny for unsolicited login prompts, especially those claiming to originate from Microsoft services. While the risk level is currently marked as 'under_investigation,' the lack of early warnings from security tools suggests a need for proactive defenses, including DNS filtering and user awareness training. Remaining risk hinges on the threat actor’s operational pace—historical trends indicate such domains pivot quickly to avoid detection, necessitating swift containment. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e715b29c-f36c-4a13-8007-8bbe1d52bcfe - PhishDestroy: https://phishdestroy.io/domain/io-en-starts.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/io-en-starts.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/io-en-starts.wixstudio.com/ Last updated: 2026-04-12