# relieved-software-706324.framer.app — MALICIOUS

> relieved-software-706324.framer.app is linked to high-risk phishing targeting Xfinity users. Stay alert and avoid entering credentials on this site.

## Summary
PhishDestroy has identified relieved-software-706324.framer.app as a high-risk phishing domain impersonating the Xfinity sign-in portal. The site attempted to deceive users into submitting sensitive login information, posing a generic phishing threat primarily aimed at credential theft. This tactic aligns with common fraudulent schemes designed to exploit user trust through imitation of reputable services.

The domain was registered recently on March 11, 2026, and resolved to the IP address 31.43.160.6. It appeared on one security blocklist, and VirusTotal analysis flagged it by 12 out of 95 security vendors, reinforcing its malicious classification. The fraudulent page title mimicked 'Xfinity Sign In,' further indicating its intent to mislead users into believing it was a legitimate authentication page. The domain was hosted on the framer.app platform, which is occasionally abused for phishing campaigns due to ease of setup and anonymity.

Currently, relieved-software-706324.framer.app is offline, mitigating immediate risks. Users are advised to remain cautious of unsolicited links claiming to be from Xfinity or other service providers. To protect sensitive information, refrain from entering credentials on suspicious pages and verify URLs carefully. Organizations should update phishing filters and educate users about this threat to prevent potential compromise. PhishDestroy continues monitoring for any resurgence or related domains leveraging similar tactics.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: Xfinity Sign In

## Domain Intelligence
- Registered: 2026-03-11 01:07:01
- IP: 31.43.160.6
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["BitDefender", "Cluster25", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "G-Data", "Lionic", "Netcraft", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cda4c-b6ec-725f-b419-3b6a6a238852.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/69f755d3-561c-4cf0-9f93-4b04233024a7
- PhishDestroy: https://phishdestroy.io/domain/relieved-software-706324.framer.app/
- LLM endpoint: https://phishdestroy.io/domain/relieved-software-706324.framer.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/relieved-software-706324.framer.app/
Last updated: 2026-03-19