# patient-enthusiasm-461973.framer.app — MALICIOUS

> This Framer.app subdomain is a live credential-harvesting page that lures users into entering login details; blocked by 3 feeds including OpenPhish after 22.

## Summary

PhishDestroy identifies patient-enthusiasm-461973.framer.app as an active credential-harvesting scam site hosted on a Let’s Encrypt SSL endpoint at 31.43.160.6. Intelligence shows the domain is currently flagged by 22 of 95 VirusTotal scanners and appears on three prominent phishing blocklists, including OpenPhish and PhishingArmy, confirming its malicious nature. Users should treat this URL as hostile and avoid interaction.

This domain masquerades as a legitimate service through its Framer.app subdomain naming scheme, aiming to trick victims into surrendering sensitive login credentials. The scam likely exploits trust in the Framer brand to lower user vigilance, redirecting stolen data to attacker-controlled servers. Given its active status, the page is currently serving a fake login form that captures usernames, passwords, and potentially multi-factor authentication codes.

Security telemetry indicates patient-enthusiasm-461973.framer.app was created recently and registered through a registrar that does not enforce additional fraud controls, contributing to its evasion of early detection. The site resolves to 31.43.160.6 and uses a valid Let’s Encrypt certificate to appear trustworthy, but its inclusion on multiple high-confidence blocklists confirms ongoing abuse.

If you entered any credentials or personal information while on this page, immediately change those passwords on a known-safe device, enable account recovery options, and scan for malware. Report the incident to your organization’s security team if it involves work or school accounts, and consider enabling hardware security keys or app-based authenticators for stronger protection.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.160.6

## Detection Status

- VirusTotal: 22 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
- Lists: OpenPhish, PhishingArmy, OISD

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/patient-enthusiasm-461973.framer.app
- PhishDestroy: https://phishdestroy.io/domain/patient-enthusiasm-461973.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/patient-enthusiasm-461973.framer.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/patient-enthusiasm-461973.framer.app/

Last updated: 2026-04-08