# alive-copy-027752.framer.app — MALICIOUS

> alive-copy-027752.framer.app hosts a dangerous Xfinity phishing page. Avoid it to protect your personal info and accounts.

## Summary
PhishDestroy identifies alive-copy-027752.framer.app as an actively dangerous phishing domain targeting Xfinity users. This website is designed to deceive visitors by mimicking a legitimate service, aiming to steal sensitive information such as login credentials, personal data, or financial details. The risk posed by this domain is high, as it remains active and is flagged by multiple security vendors.

This phishing operation works by presenting a fake Xfinity login page that appears authentic at first glance. Unsuspecting users who enter their email, password, or other personal data directly provide attackers with access to their accounts. The domain resolves to an IP address linked to suspicious activities, adding to its malicious profile. Attackers use this type of copycat website to trick victims into surrendering information that can be exploited for identity theft or financial fraud.

If you have visited alive-copy-027752.framer.app, it is critical to immediately cease any interaction with the site and avoid entering personal details. Users should change passwords for any potentially affected accounts, especially Xfinity or related services. Running a thorough malware scan on your devices and enabling multi-factor authentication can provide additional protection. Reporting this domain to your security team or service provider helps block further victimization.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: xfinity

## Domain Intelligence
- Registered: 2026-03-05 01:07:02
- IP: 31.43.160.6
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "G-Data", "Lionic", "Netcraft", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/20zpXYT1/0dae7b4ee74f.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/alive-copy-027752.framer.app
- Wayback Machine: https://web.archive.org/web/https://alive-copy-027752.framer.app
- PhishDestroy: https://phishdestroy.io/domain/alive-copy-027752.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/alive-copy-027752.framer.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/alive-copy-027752.framer.app/
Last updated: 2026-03-19