# trustwallet-ext.framer.media — SUSPICIOUS

> trustwallet-ext.framer.media is a crypto drainer impersonating Trust Wallet, detected with 0/95 VirusTotal scores. Treat as active threat. Block immediately.

## Summary

PhishDestroy identifies trustwallet-ext.framer.media as a newly active crypto drainer domain impersonating Trust Wallet, a leading cryptocurrency wallet service. The domain leverages deceptive branding to trick users into connecting malicious wallets that exfiltrate funds. Security research indicates the campaign employs a web-based drainer kit disguised as a legitimate extension, targeting victims through phishing lures such as promotional downloads or fake updates. The infrastructure suggests preparation for mass-user compromise, with high-risk SSL implementation and rapid domain registration to avoid early detection.

This domain resolves to IP 31.43.161.6 and is associated with a Let’s Encrypt SSL certificate, indicating an attempt to appear legitimate. VirusTotal reports 0 detections out of 95 scanners, confirming zero current AV coverage. The domain is registered via Namecheap and remains unlisted on Google Safe Browsing. Registrar data indicates recent creation, though exact date is not publicly disclosed. It currently sits on 0 known blocklists, suggesting a new operation still in the early propagation phase.

As of this advisory, the domain is classified as ACTIVE with risk status UNDER_INVESTIGATION. Immediate containment actions should include DNS blocking at the resolver level and network-level blackholing for the associated IP. Users are advised to avoid interacting with any links or downloads from this domain. While the current technical footprint is limited, the combination of zero detections, fresh infrastructure, and direct brand impersonation elevates the risk to CRITICAL. Ongoing monitoring is required as the campaign may escalate with updated evasion tactics or payload delivery mechanisms.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trust Wallet

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.161.6

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7f0be1f9-9e6f-4c04-b697-c648214a0cb2
- PhishDestroy: https://phishdestroy.io/domain/trustwallet-ext.framer.media/
- LLM endpoint: https://phishdestroy.io/domain/trustwallet-ext.framer.media/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trustwallet-ext.framer.media/

Last updated: 2026-03-23