# eedocs.framer.website — MALICIOUS

> Stay protected online. Learn why eedocs.framer.website is flagged for phishing and what steps to take to ensure your digital safety.

## Summary
PhishDestroy identifies eedocs.framer.website as a high-risk generic phishing domain designed to deceive users by mimicking legitimate services. The site’s page title, "My EE," suggests an attempt to impersonate the EE communications brand, potentially tricking users into submitting sensitive personal or financial information. Such tactics are common in phishing campaigns aimed at harvesting credentials or deploying malware.

The domain was registered through CSC Corporate Domains Inc. on November 19, 2021, and resolves to the IP address 52.223.52.2. VirusTotal scans reveal that 11 out of 95 security vendors have flagged this domain, and it currently appears on one security blocklist. These indicators highlight the domain’s malicious intent and its association with phishing infrastructure. The use of a legitimate-sounding page title further supports the likelihood of social engineering attacks.

Currently, eedocs.framer.website has been taken offline, mitigating immediate risk to users. PhishDestroy recommends maintaining vigilance by avoiding interaction with suspicious URLs and verifying the authenticity of emails or messages referencing EE or similar brands. Users should also employ updated security software and report any phishing attempts encountered. Continued monitoring of related domains is advised to prevent future threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: My EE

## Domain Intelligence
- Registered: 2021-11-19 16:04:21
- Expires: 2026-11-19 23:59:59
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 52.223.52.2
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns-1243.awsdns-27.org ns-1818.awsdns-35.co.uk ns-336.awsdns-42.com ns-792.awsdns-35.net
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0199e8a6-4d87-72bc-9d8a-7d615707b204.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2e856f90-8775-4766-b83e-6d2a56241ef0
- Wayback Machine: https://web.archive.org/web/https://eedocs.framer.website
- PhishDestroy: https://phishdestroy.io/domain/eedocs.framer.website/
- LLM endpoint: https://phishdestroy.io/domain/eedocs.framer.website/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eedocs.framer.website/
Last updated: 2026-03-19