MalwareTips
Security Review

Is aware-assistant-407030.framer.app legit or a scam?

Our verdict:Dangerous· 1/100

Xfinity credential-harvesting phishing page hosted on Framer subdomain; flagged by Fortinet, Kaspersky, and LevelBlue as phishing.

Top reasons
Xfinity login form rendered on a Framer-hosted page, not Xfinity's legitimate infrastructure — classic phishing pattern.Three antivirus engines (Fortinet, Kaspersky, LevelBlue) independently flagged the URL as phishing.Credential-collection form (email, mobile, username, password) designed to harvest Xfinity account credentials.
aware-assistant-407030.framer.appScanned 4d ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 12
Category tags
phishing#Phishing#Clone Site95% MT confidence
Technical red flags (1)
3 of 92 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
6 years old
Registered Oct 2, 2020
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Critical risk detected

3 of 92 antivirus engines flag this page as malicious. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of aware-assistant-407030.framer.app
LIVE RENDER
aware-assistant-407030.framer.app
1Visual risk score 72/100

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

72
/ 100
High visual risk

Visual red flags detected in the screenshot

The page visually replicates Xfinity's login UI but is hosted on Framer (evidenced by the 'Made in Framer' badge), which is inconsistent with legitimate Xfinity infrastructure; the credential-collection form on a third-party-built page is a strong phishing indicator.

Visual risk72/100

What our vision model saw

5 signals

Xfinity-branded login form (email/password fields with 'example@comcast.net' placeholder) is rendered inside what appears to be a Framer-built page, as indicated by the 'Made in Framer' badge in the b

No visible URL bar is present to confirm the domain, making it impossible to verify this is xfinity.com; the Framer badge strongly suggests a third-party hosted page impersonating Xfinity.

The layout combines a credential-harvesting login panel on the left with a promotional marketing panel on the right — an unusual split not matching Xfinity's standard sign-in page design.

The login form collects Xfinity account credentials (email/mobile/username and password) on what is visually identifiable as a non-Xfinity-hosted page.

The 'Made in Framer' watermark in the corner is a known indicator of pages built on the Framer no-code platform, which is frequently abused to host phishing pages mimicking major brands.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust12/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page displays an Xfinity-branded login form with email/password fields and a 'Made in Framer' watermark, indicating it is built on Framer's no-code platform rather than Xfinity's legitimate infrastructure. Credential-collection forms on third-party-hosted pages are a hallmark of phishing attacks. Three antivirus engines (Fortinet, Kaspersky, LevelBlue) independently flagged the URL as phishing. The evidence package shows the domain listed in live threat-intelligence dashboards and scanned by security researchers as a suspicious entry. Framer subdomains are frequently abused for credential harvesting, and this page follows that exact pattern — generic placeholder metadata ('My Framer Site'), no business registration, and a login form designed to steal user credentials.
Full dossier
Analysis complete

Page Content

The page displays a login interface branded with Xfinity's visual identity, including email/password input fields with an 'example@comcast.net' placeholder. A 'Made in Framer' badge is visible in the corner, confirming the page is built on Framer's no-code platform rather than Xfinity's own servers. The layout combines a credential-collection panel on the left with promotional marketing copy on the right — a design inconsistent with Xfinity's standard sign-in interface.

Infrastructure

The domain is a subdomain of framer.app, a legitimate Netherlands-based no-code website builder. The subdomain itself (aware-assistant-407030) has no business registration or legitimate entity associated with it. SSL is valid (Let's Encrypt), and the hosting IP (31.43.160.6) has a clean abuse score. However, Framer's free subdomain service is widely documented as being abused for phishing and credential-harvesting campaigns.

Domain History

The domain is approximately 5.7 years old, consistent with Framer's long-running free subdomain service. The age alone does not confer legitimacy — Framer subdomains are routinely created and repurposed for phishing attacks. No business entity or legitimate references exist for 'aware-assistant-407030'.

Web Reputation

Three antivirus engines flagged the URL as phishing: Fortinet, Kaspersky, and LevelBlue. The domain appears in live threat-intelligence dashboards and security-scanner results labeled as suspicious or potentially dangerous. Independent review aggregators show a high trust score, but this reflects Framer's legitimate parent domain, not this specific phishing subdomain.

Risk Factors
7
  • Xfinity login form rendered on a Framer-hosted page, not Xfinity's legitimate infrastructure — classic phishing pattern.
  • Three antivirus engines (Fortinet, Kaspersky, LevelBlue) independently flagged the URL as phishing.
  • Credential-collection form (email, mobile, username, password) designed to harvest Xfinity account credentials.
  • Listed in live threat-intelligence dashboards and security-scanner results as a suspicious or malicious entry.
  • No business registration, no contact information, and generic placeholder metadata ('My Framer Site', 'Made with Framer').
  • Framer subdomains are frequently documented as being abused for phishing; this page follows that exact abuse pattern.
  • Visual design mimics Xfinity's login UI but is inconsistent with legitimate Xfinity infrastructure.
Positive Signals
4
  • SSL certificate is valid and issued by Let's Encrypt.
  • Hosting IP has a clean abuse score (0/100).
  • No malware detected in our sandbox analysis.
  • Browser blocklists are clean (the phishing detection is by antivirus engines, not browser-level blocklists).
AI Recommendation
Do not enter any credentials on this page. If you received a link to this site via email or text, it is a phishing attempt — delete the message and do not click the link. Report the phishing URL to Xfinity directly through their official website or customer support.
Scam network detected
1 linked domain correlated

This subdomain is part of Framer's free subdomain service, which is frequently abused for phishing and credential-harvesting campaigns. The parent domain (framer.app) is legitimate, but this specific subdomain is a phishing page impersonating Xfinity.

framer.app
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for aware-assistant-407030.framer.app, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
5.7 yrs
Registered Oct 2020
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Independent review aggregators
100/100 · high trust
Average across 1 independent review aggregator.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
3 scam reports
Web ratings
Scores pulled directly from third-party trust & review sites
ScamAdviser
100/100
High trustopen
Key findings
7 headline facts from open-web research
  • Domain is a subdomain of framer.app, a legitimate no-code website builder platform frequently abused for phishing and spam pages (Reddit reports of login-stealing Framer sites).
  • Listed in live threat intelligence dashboard (thehgtech.com) as a recent suspicious URL alongside other potential scam links.
  • urlquery.net scan from June 2026 shows 1 alert on the host; page was actively scanned alongside known malicious or suspicious entries.
  • Appears in PCRisk.com security scanner results labeled "Potentially Dangerous 5/100" in proximity to other flagged phishing-like subdomains.
  • Page uses default Framer placeholder metadata (title: "My Framer Site", description: "Made with Framer").
  • Framer subdomains have multiple documented cases of being used for credential harvesting, with security vendors flagging similar random-name subdomains as phishing.
  • No business entity, reviews, or legitimate references found for "aware-assistant-407030"; domain age of ~5.7 years aligns with Framer's long-running free subdomain service.
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • urlquery.netopen

    "1 alert(s) on this Host. aware-assistant-407030.framer.app"

  • thehgtech.comopen

    "hxxps://aware-assistant-407030[.]framer[.]app/ listed under Live Threat Intelligence"

  • PCRisk scanneropen

    "aware-assistant-407030.framer.app Potentially Dangerous 5/100"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research identified three independent threat-intelligence reports flagging this URL as malicious. urlquery.net scanned the host and recorded 1 alert; thehgtech.com listed it in a live threat-intelligence dashboard as a recent suspicious URL; and PCRisk security scanner labeled it 'Potentially Dangerous' alongside other flagged phishing subdomains. Framer subdomains have multiple documented cases of being used for credential harvesting, with security vendors flagging similar random-name subdomains as phishing. No business entity, reviews, or legitimate references exist for 'aware-assistant-407030'.

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

3Malicious0Suspicious54Harmless92Engines
0
of 92
Fortinet
Malicious· phishing
Kaspersky
Malicious· phishing
LevelBlue
Malicious· phishing

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
Has contact info, but not on the site's domain
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No email uses the site's own domain — legitimate shops usually do.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age6 years old
RegistrarCSC Corporate Domains, Inc.
RegisteredOct 2, 2020
ExpiresOct 2, 2026
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YE1
ExpiresSep 3, 2026 (82d)
Self-signedNo
Hosting & Technology
HostingFramer B.V.
Server locationNL
Web serverFramer/841c613
Platform / CMSFramer b47b624

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1308http://aware-assistant-407030.framer.app/
  • 2200https://aware-assistant-407030.framer.app/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPFramer B.V.
Usage typeContent Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with aware-assistant-407030.framer.app

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

framer.comframerusercontent.comevents.framer.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags aware-assistant-407030.framer.app as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — aware-assistant-407030.framer.app scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. aware-assistant-407030.framer.app presents a valid TLSv1.3 certificate issued by Let's Encrypt · YE1, expiring in 82 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • aware-assistant-407030.framer.app is 5.7 years old, registered on 10/2/2020 through CSC Corporate Domains, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged aware-assistant-407030.framer.app as malicious or suspicious (3 outright malicious). Even one detection is a meaningful signal.
  • No. aware-assistant-407030.framer.app is not currently listed on the major browser blocklist feeds that modern browsers use.
  • aware-assistant-407030.framer.app resolves to an IP operated by Framer B.V. in NL (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for aware-assistant-407030.framer.app: ScamAdviser: 100/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

0
Trust / 100
Final Verdict·aware-assistant-407030.framer.app
DANGEROUS

This is a phishing page impersonating Xfinity's login portal, hosted on Framer's free subdomain service. The page collects email and password credentials on a third-party platform, and three independent threat-intelligence sources have flagged it as malicious.

Do not enter any credentials on this page. If you received a link to this site via email or text, it is a phishing attempt — delete the message and do not click the link. Report the phishing URL to Xfinity directly through their official website or customer support.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
sportzfylive.com
26m ago
Read the review
Dangeroustrust38
dui2yh5g50r9s.cloudfront.net
31m ago
Read the review
Dangeroustrust1
castingironaxes.com
32m ago
Read the review
Dangeroustrust42
brandedsurveys.com
39m ago
Read the review
Dangeroustrust1
ts.bzzhr.to
45m ago
Read the review
Dangeroustrust10
ww8.123moviesfree.net
52m ago
Read the review
Dangeroustrust1
345movies.nl
52m ago
Read the review
Dangeroustrust1
readingtime.space
59m ago
Read the review
Dangeroustrust29
echty.com
2h ago
Read the review
Dangeroustrust1
grannyfling.com
2h ago
Read the review
Dangeroustrust11
betewex.com
2h ago
Read the review
Dangeroustrust1
hasobet.com
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.