# en-extensionmeta.framer.ai — SUSPICIOUS

> en-extensionmeta.framer.ai is a low-risk phishing domain impersonating Framer. Stay alert and avoid interaction with this offline site to protect your data.

## Summary
PhishDestroy identifies en-extensionmeta.framer.ai as a domain involved in generic phishing activities targeting users by impersonating the Framer platform. Although classified as low risk, phishing threats like this can lead to credential theft or unauthorized access to personal information, making vigilance essential. The domain is currently offline, reducing immediate risk, but awareness remains important.

en-extensionmeta.framer.ai was registered through CSC Corporate Domains, Inc., and has been flagged on three security blocklists. It was created on March 4, 2026, and resolves to the IP address 31.43.161.6. While VirusTotal shows only 2 out of 95 security vendors flagged this domain, its presence on blocklists and phishing reports indicates malicious intent. The page title returned is “Site Not Found | Framer,” suggesting the site is no longer active or has been taken down.

Users should avoid visiting en-extensionmeta.framer.ai or providing any personal or login information if encountered. Even though the domain is offline, it is advisable to remain cautious with any communications claiming to be from Framer or related services. Employing updated security software, enabling multi-factor authentication, and verifying URLs before interaction can help prevent falling victim to similar phishing attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 404)
- Page title: Site Not Found | Framer

## Domain Intelligence
- Registered: 2026-03-04 15:07:01
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 31.43.161.6
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["ns-1902.awsdns-45.co.uk", "ns-635.awsdns-15.net", "ns-1198.awsdns-21.org", "ns-114.awsdns-14.com"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/3mVYX9tV/2e6007c6935f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/754e701e-8c98-44a7-8df0-9b7434422193
- Wayback Machine: https://web.archive.org/web/https://en-extensionmeta.framer.ai
- PhishDestroy: https://phishdestroy.io/domain/en-extensionmeta.framer.ai/
- LLM endpoint: https://phishdestroy.io/domain/en-extensionmeta.framer.ai/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-extensionmeta.framer.ai/
Last updated: 2026-03-19