# chroome-ext-conbse.framer.ai — SUSPICIOUS > Beware! chroome-ext-conbse.framer.ai is a Coinbase impersonation hosting a crypto drainer. VirusTotal shows 0/95 detections. Verify all links on PhishDestroy. ## Summary PhishDestroy identifies chroome-ext-conbse.framer.ai as an active crypto-draining impersonation of Coinbase. This fraudulent site masquerades as the official Coinbase Chrome Extension under the misleading page title 'Coinbase Chrome Extension – Secure Crypto Access,' luring users into installing a malicious extension designed to drain cryptocurrency wallets. The domain resolves to IP 31.43.160.6 and leverages a Let's Encrypt SSL certificate to appear legitimate. Users attempting to access their crypto wallets through this domain risk unauthorized fund transfers and credential theft. The domain chroome-ext-conbse.framer.ai was flagged on VirusTotal with a concerning 0 out of 95 detection score, indicating that traditional antivirus solutions currently do not recognize it as malicious. This domain is hosted on Framer, a website-building platform, which may have been exploited to host phishing content. The domain is still active and continues to impersonate Coinbase, one of the most targeted brands in crypto-related phishing attacks. With 0 detections and no blocklist entries, it poses a high risk to unsuspecting users who may inadvertently download the malicious extension or enter their credentials. If you accessed chroome-ext-conbse.framer.ai or entered any information, immediately revoke access to your Coinbase account and any connected crypto wallets. Disconnect any installed browser extensions related to this domain, clear your browser cache, and run a malware scan using reputable security software. Always verify URLs and use official sources like PhishDestroy to confirm the legitimacy of web pages before entering sensitive information. Avoid downloading extensions or software from untrusted sources, and use hardware wallets or multi-factor authentication to add an extra layer of security to your crypto accounts. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP ?) - Target brand: Coinbase - Page title: Coinbase Chrome Extension – Secure Crypto Access ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 31.43.160.6 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/42375158-e736-42d6-93d0-2682c74202ae - PhishDestroy: https://phishdestroy.io/domain/chroome-ext-conbse.framer.ai/ - LLM endpoint: https://phishdestroy.io/domain/chroome-ext-conbse.framer.ai/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/chroome-ext-conbse.framer.ai/ Last updated: 2026-04-11