# metamask-hrome.framer.ai — SUSPICIOUS

> metamask-hrome.framer.ai is a brand impersonation threat targeting MetaMask with 3 of 95 VirusTotal vendors flagging it. Users should block access immediately.

## Summary
The domain metamask-hrome.framer.ai has been identified as an active brand impersonation threat specifically targeting the MetaMask brand. This domain aims to deceive users into believing it is affiliated with MetaMask, potentially leading to credential theft or other malicious outcomes. The threat remains active and warrants immediate attention from security teams and users alike to prevent compromise.

According to available intelligence, metamask-hrome.framer.ai is flagged by 3 out of 95 security vendors in VirusTotal scans, indicating a measurable but not widespread detection. The domain uses the Let's Encrypt SSL certificate, suggesting an attempt to appear legitimate and secure. It resolves to the IP address 31.43.161.6 and is registered under the registrar framer.ai. Furthermore, it appears on two security blocklists, underlining its malicious nature. The domain is already blocked by MetaMask and SEAL security services, reflecting the recognized risk it carries.

Given the elevated risk level associated with metamask-hrome.framer.ai, continued vigilance is crucial. Security teams should ensure that network defenses block this domain and inform users about the dangers of interacting with it. End users are advised to avoid clicking links or providing any information on this domain. Maintaining updated threat intelligence feeds and monitoring for any new variants or similar brand impersonation domains targeting MetaMask will help mitigate future risks. Immediate action to block and report this domain is strongly recommended to protect against potential credential theft or financial loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: MetaMask

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.161.6

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6f2bdbc4-54e8-47f7-8898-657112e2f441
- PhishDestroy: https://phishdestroy.io/domain/metamask-hrome.framer.ai/
- LLM endpoint: https://phishdestroy.io/domain/metamask-hrome.framer.ai/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamask-hrome.framer.ai/
Last updated: 2026-03-27