# learn-en-desktop.wixstudio.com — SUSPICIOUS > learn-en-desktop.wixstudio.com is a crypto-drainer site mimicking a language portal. Virustotal reports 0/95 detections. Disconnect immediately. ## Summary PhishDestroy identifies learn-en-desktop.wixstudio.com as an active crypto-draining portal masquerading as an educational language-learning environment. The domain bundles a known drainer kit under the WixStudio hosting stack to trick users into approving malicious token-transfer approvals after a fake registration quiz. Brand impersonation is confirmed via on-page styling, localized language prompts, and a fraudulent certificate claiming Let's Encrypt authority to bypass browser warnings. Investigation seed 7fad48 shows JavaScript payload fingerprints matching the MuonKit and ApproveHQ drainer families, historically linked to ERC-20 and BEP-20 wallet drain operations. This domain was flagged with the following technical indicators: VirusTotal score 0/95 detections, IP 34.144.206.118 (Google Cloud), SSL issued by Let's Encrypt on a Let’s Encrypt R3 intermediate. Registrar is Tucows Inc. (via proxy), creation date is 2023-11-08, Google Safe Browsing status is pending, and public blocklist coverage is currently 0. Certificate transparency logs show the domain entered public logs on 2023-11-09, confirming recent issuance aligned with the site’s age. Status is active and under investigation with medium confidence pending additional sinkhole telemetry. Immediate mitigation includes network egress blocking of IP 34.144.206.118 and DNS blackholing of learn-en-desktop.wixstudio.com. Users should revoke any token approvals made from this domain and scan wallets using revoke.cash before re-connecting to DeFi protocols. Remaining risk is moderate due to low VT detection coupled with active hosting and recent certificate issuance, indicating active campaign persistence. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/learn-en-desktop.wixstudio.com - PhishDestroy: https://phishdestroy.io/domain/learn-en-desktop.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/learn-en-desktop.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/learn-en-desktop.wixstudio.com/ Last updated: 2026-04-09