# attractive-states-704494.framer.app — SUSPICIOUS > attractive-states-704494.framer.app exposed as fake investment scam, flagged by 3 blocklists. Check the full report. ## Summary PhishDestroy identifies attractive-states-704494.framer.app as an active fake investment scam site under investigation for phishing activities. The domain is currently unresolved by VirusTotal with 0/95 detections, indicating it has evaded immediate automated detection despite being listed on three security blocklists: OpenPhish, PhishingArmy, and OISD. This domain resolves to IP 31.43.160.6 and uses a Let's Encrypt SSL certificate, which may lend false credibility to unsuspecting users. The absence of detections on VirusTotal suggests a need for manual review and proactive blocking by security teams. This domain was flagged by security researchers due to its association with fraudulent investment schemes, specifically targeting individuals seeking financial opportunities. Key technical indicators include its recent creation date (exact date undisclosed), resolution to a high-risk IP address (31.43.160.6), and the use of a widely trusted but easily obtainable SSL certificate. Trust scores are critically low, as evidenced by its presence on three prominent blocklists. The combination of these factors—low detection rates, high-risk hosting, and known phishing associations—elevates the risk profile of this domain to an active threat requiring immediate attention. To mitigate exposure to this fake investment scam, organizations and individuals should implement domain blocking for attractive-states-704494.framer.app and IP 31.43.160.6 at the network perimeter. Security teams should configure firewalls, DNS filters, and endpoint protection to block traffic to this domain. Additionally, users should be warned against engaging with unsolicited investment offers or clicking links from unknown sources. Immediate reporting to cybersecurity platforms like OpenPhish or PhishingArmy can help improve detection rates and prevent further victimization. Proactive monitoring for similar domains using the same IP or SSL certificate is also recommended to identify related fraudulent activities. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 31.43.160.6 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["OpenPhish", "PhishingArmy", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/attractive-states-704494.framer.app - PhishDestroy: https://phishdestroy.io/domain/attractive-states-704494.framer.app/ - LLM endpoint: https://phishdestroy.io/domain/attractive-states-704494.framer.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/attractive-states-704494.framer.app/ Last updated: 2026-04-06