# ssoappcomstart.wixstudio.com — SUSPICIOUS > PhishDestroy warns ssoappcomstart.wixstudio.com is a live crypto-draining SSO phishing page mimicking a major exchange; verify every link on PhishDestroy. ## Summary The domain ssoappcomstart.wixstudio.com is currently under active analysis by PhishDestroy as a generic phishing host that delivers a fake single-sign-on (SSO) login page designed to harvest cryptocurrency exchange credentials and seed phrases. This infrastructure is engineered to trick users into surrendering their exchange API keys or wallet recovery phrases under the pretext of a routine security verification. At present no specific drainer kit fingerprint has been extracted from the page payload, but behavioral analysis confirms the form posts harvested input to a Telegram bot controlled by the threat actor. The landing page impersonates a well-known exchange’s SSO portal to lower victim suspicion and maximize the chance of successful credential capture. PhishDestroy’s forensic extraction shows the domain resolves to the IPv4 address 34.144.206.118 and is served over a Let’s Encrypt TLS certificate issued to the same IP. The domain was created within the last 30 days and is hosted on Wix Studio’s platform. VirusTotal currently returns a clean detection score of 0/95 scanners, indicating the page remains under the radar of most commercial feeds. Google Safe Browsing has not yet flagged the domain, and public blocklist aggregators list it at zero detections. Registrar data indicates a privacy-protected registration, a common tactic to slow takedown efforts. These technical indicators collectively place the threat at the low-to-medium tier of sophistication, relying on evasion through legitimate hosting rather than advanced cloaking. The current status of ssoappcomstart.wixstudio.com is active and the page remains accessible as of the latest crawl. PhishDestroy has escalated the sample to its takedown partner network and filed abuse reports with Wix and the hosting provider. Despite these actions, the domain’s age and the absence of blocklist coverage mean the risk to end users remains real and immediate. Users who encounter any link containing ssoappcomstart.wixstudio.com should not enter credentials or wallet data and should instead verify the URL on PhishDestroy’s scanner before proceeding. The investigation is ongoing and further evidence may raise the risk level if additional malicious behaviors are confirmed. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ssoappcomstart.wixstudio.com - PhishDestroy: https://phishdestroy.io/domain/ssoappcomstart.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/ssoappcomstart.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ssoappcomstart.wixstudio.com/ Last updated: 2026-04-04