# trustsextension.framer.media — SUSPICIOUS > PhishDestroy identifies trustsextension.framer.media as a fraudulent browser extension scam. This site mimics Chrome Web Store pages to trick users into. ## Summary PhishDestroy identifies trustsextension.framer.media as a browser extension scam posing as a legitimate Chrome Web Store page to distribute malicious software under the guise of a 'Trust Extension'. This domain mimics official storefronts to deceive users into installing rogue extensions that harvest sensitive data, inject ads, or redirect browsers to phishing pages. This domain was flagged after VirusTotal returned 0/95 detections—a concerning indicator of its new or stealthy nature—and resolves to a server at IP 31.43.160.6. Let's Encrypt provides its SSL certificate, which does not validate legitimacy. While the registrar and domain creation date are not publicly disclosed at this time, the lack of any blocklist detections suggests an emerging or highly targeted threat. The use of .framer.media as a subdomain under a media-focused TLD further contributes to the deception by implying association with a design or development tool, adding false credibility. Users who visited trustsextension.framer.media should immediately avoid clicking any download or installation prompts, even if the page appears to be an official extension store. Do not enter any personal or payment information on this site. If an extension was accidentally installed, remove it immediately from your browser’s extension manager and run a full antivirus scan. Monitor your accounts for unusual activity, especially if you entered login credentials or payment details. Report the domain to your browser vendor and cybersecurity platforms to help block future access. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 31.43.160.6 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1542b076-fcfc-43c9-8ac4-43f1bf6a4c6d - PhishDestroy: https://phishdestroy.io/domain/trustsextension.framer.media/ - LLM endpoint: https://phishdestroy.io/domain/trustsextension.framer.media/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trustsextension.framer.media/ Last updated: 2026-03-23