# moody-saturn-686751.framer.app — MALICIOUS

> Moody-saturn-686751.framer.app is a fake login page hosting a credential stealer. VirusTotal flags it at 20/95 and it is blocked by OpenPhish and PhishingArmy.

## Summary

PhishDestroy identifies moody-saturn-686751.framer.app as a generic phishing domain engineered to harvest user credentials under the guise of a legitimate service. The domain resolves to a Let’s Encrypt–certified endpoint and does not represent any known brand, indicating a disposable trap designed to mimic login portals for quick data exfiltration. No specific drainer kit fingerprint has been observed in public sandboxes, suggesting the operators rely on generic credential-harvesting forms rather than custom JavaScript or Web3 drainers. This domain was flagged by PhishDestroy on seed 9f3ab3.

Technical indicators include a VirusTotal detection score of 20 out of 95 security vendors, a hosting IP of 31.43.161.6, and an active presence on two public phishing blocklists (OpenPhish and PhishingArmy). The domain is registered through Framer.app, which provides no built-in phishing protections, and its SSL certificate was issued by Let’s Encrypt, enabling HTTPS to increase victim trust. There is no publicly available creation date, but passive DNS shows recent DNS resolution within the last 30 days.

Current status shows the domain remains active and is actively serving a fake login page. Immediate response actions include blocking the domain at DNS and network levels, flagging the IP range 31.43.161.0/24, and revoking the Let’s Encrypt certificate via the ACME API. Despite these interventions, the residual risk remains elevated due to the domain’s disposable nature and the use of legitimate hosting providers that complicate takedowns. Users are advised to avoid the domain entirely and report any encountered phishing pages to PhishDestroy or their security teams for rapid inclusion in blocklists.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.161.6

## Detection Status

- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8ed099c8-2318-422c-8bb9-1fa3e3617f01
- PhishDestroy: https://phishdestroy.io/domain/moody-saturn-686751.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/moody-saturn-686751.framer.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/moody-saturn-686751.framer.app/
Last updated: 2026-03-27