# trust-extt.framer.media — SUSPICIOUS

> trust-extt.framer.media is a fraudulent PayPal credential harvesting site. Resolving to IP 31.43.161.6, it remains undetected by antivirus engines.

## Summary
PhishDestroy identifies trust-extt.framer.media as an active credential-harvesting scam targeting PayPal users. This fraudulent domain mimics legitimate financial portals to trick victims into surrendering login credentials, risking direct account compromise and identity theft.

This domain was flagged with zero detections on VirusTotal (0/95 scanners) despite hosting malicious content. It resolves to a leased IP (31.43.161.6) in the Russian Federation and uses a legitimate Let’s Encrypt SSL certificate to appear trustworthy. The FQDN is hosted on Framer’s media subdomain, suggesting abuse of a reputable platform to evade detection and social engineering filters.

Users must treat trust-extt.framer.media as hostile: avoid interaction, never enter email or password combinations, and block the domain at DNS and browser levels. Organizations should block IP 31.43.161.6 and inspect any outbound connections to *.framer.media subdomains. If credentials were entered, reset passwords immediately, enable multi-factor authentication, and review financial statements for unauthorized transactions. Report the domain to PayPal and Framer abuse teams to accelerate takedown, and share IOCs with threat intelligence platforms for broader protection.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.161.6

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/30bbf0c2-52d0-47e2-9376-8fbc1b6846d3
- PhishDestroy: https://phishdestroy.io/domain/trust-extt.framer.media/
- LLM endpoint: https://phishdestroy.io/domain/trust-extt.framer.media/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trust-extt.framer.media/
Last updated: 2026-03-23