# interactive-fox-944988.framer.app — MALICIOUS

> Beware: interactive-fox-944988.framer.app is a crypto drainer impersonating legitimate sites. This domain is flagged by 19/95 VirusTotal vendors and 2.

## Summary
PhishDestroy identifies interactive-fox-944988.framer.app as an active crypto drainer phishing domain designed to deceive users into connecting crypto wallets under the guise of legitimate services. This domain mimics trusted platforms to trick victims into approving malicious transactions that drain digital assets without consent. Security researchers have observed this threat escalating in sophistication, leveraging social engineering tactics to exploit user trust in familiar interfaces. The domain is currently unresolved to IP 31.43.160.6 and operates under a Let's Encrypt SSL certificate, which adds a false veneer of legitimacy to its operations. Users interacting with this domain risk immediate financial loss, as the crypto drainer executes unauthorized wallet connections and transfers upon approval.  This domain was flagged by 19 out of 95 VirusTotal security vendors, indicating a high detection rate among global threat intelligence platforms. It has also been blocked by OpenPhish and PhishingArmy, with confirmed listings on 2 separate security blocklists. While the domain’s creation details remain unverified in public WHOIS records, its recent activation and rapid inclusion on blocklists suggest an opportunistic campaign targeting unsuspecting users. The combination of a low-cost hosting environment (shared with other high-risk domains) and the use of legitimate SSL certificates highlights the adaptability of threat actors in evading basic security measures. This underscores the need for proactive verification rather than reliance on superficial trust indicators such as HTTPS.  If you have visited interactive-fox-944988.framer.app, immediately disconnect your crypto wallet from the site and revoke any unauthorized permissions through your wallet interface. Do not approve any pending transactions or interact further with the domain. PhishDestroy recommends running a security scan on your device using a trusted antivirus tool to detect any associated malware or browser extensions compromised by this threat. Report the domain to your wallet provider and consider transferring remaining assets to a new, isolated wallet as a precaution. Stay vigilant: always verify URLs through trusted sources such as PhishDestroy and avoid clicking links from unsolicited messages or advertisements.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.160.6

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/76e4a49e-5f24-4829-aab1-4163144686a1
- PhishDestroy: https://phishdestroy.io/domain/interactive-fox-944988.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/interactive-fox-944988.framer.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/interactive-fox-944988.framer.app/
Last updated: 2026-03-27