Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://suiteen-tzorx.wixstudio.com/suite-io
Detected Brand
Trezor
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
36aa19b1-bdeβ¦
Analyzed
2026-05-14 12:25
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T126235B72A332B8B843DB92DEE7382955B2D6588DE8C74554F1C99ACD23C3C816193BB4 |
|
CONTENT
ssdeep
|
768:ahVBy+EsZx8/G8+K4DDaw+MABDwZMABVUcix+y9dQpUDF1E56ITmHkLcZI2jPqDG:a0+EsZ/8+NDDaw+MABDwZMABVUXx+y9T |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee6e919dc5c09a98 |
|
VISUAL
aHash
|
ff81a1a18181ffff |
|
VISUAL
dHash
|
4d4d4d4d63710000 |
|
VISUAL
wHash
|
ff8081818081ffff |
|
VISUAL
colorHash
|
07230008000 |
|
VISUAL
cropResistant
|
4d4d4d4d63710000,cecc4cccbabe7260,40d2d29bafd6d2c4,ecf1f151754c8806,fffffff5c6fedfdf |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
β οΈ Phishing Confirmed
π£ Credential Harvester
π£ OTP Stealer
π£ Card Stealer
π£ Banking
π£ Personal Info
π Obfuscation Detected
- eval
- fromCharCode
- unescape
- unicode_escape
- base64_strings
π― Kit Endpoints
- https://siteassets.parastorage.com/pages/pages/thunderbolt?beckyExperiments=.DatePickerPortal%2C.DisableDocumentScrollWhenLightBoxOpen%2C.EnableCustomCSSVarsForLoginSocialBar%2C.FreemiumBannerOdeditor%2C.LoginBarEnableLoggingInStateInSSR%2C.TextInputAutoFillFix%2C.UseLoginSocialBarCustomMenu%2C.UseNestedLoginSocialBarMenuItems%2C.UseNewLoginBarDropdownMenuAlignment%2C.UseNewLoginSocialBarElementStructure%2C.UseNewLoginSocialBarMemberInitialsAvatar%2C.WixFreeSiteBannerDesktop%2C.WixFreeSiteBannerMobile%2C.a11yContrast%2C.addIdAsClassName%2C.buttonUdp%2C.calculateCollapsibleTextLineHeightByFont%2C.dom_store%2C.dontApplyDacOverridesOnBoBApps%2C.dynamicSlots%2C.fiveGridLineStudioSkins%2C.fixFirefoxLinkBarIntrinsicSizing%2C.imageEncodingAVIF%2C.isClassNameToRootEnabled%2C.motionTimeAnimationsCSS%2C.responsiveContainerRoleGroup%2C.sectionA11yProps%2C.shouldUseResponsiveImages%2C.svgResolver_2%2C.updateRichTextSemanticClassNamesOnCorvid%2C.useClassnameInResponsiveAppWidget%2C.useImageAvifFormatInNativeProGallery%2C.useResponsiveImgClassicFixed%2C.useSvgLoaderFeature%2C.useSvgLoaderFeatureOnBuilderComps%2C.useWowImageInFastGallery&blocksBuilderManifestGeneratorVersion=1.129.0&contentType=application%2Fjson&deviceType=Desktop&dfCk=6&dfVersion=1.5374.0&disableStaticPagesUrlHierarchy=false&editorName=Studio&experiments=dm_bgScrubToMotionFixer%2Cdm_masterPageVariablesQueryFixer%2Cdm_migrateOldHoverBoxToNewFixer&externalBaseUrl=https%3A%2F%2Fsuiteen-tzorx.wixstudio.com%2Fsuite-io&fileId=0eec2e75.bundle.min&formFactor=desktop&freemiumBanner=true&hasTPAWorkerOnSite=false&hasUserDomainMedia=false&isBuilderComponentModel=false&isHttps=true&isInSeo=false&isMultilingualEnabled=false&isResponsive=true&isTrackClicksAnalyticsEnabled=false&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=03b0666b-5c00-48b4-b381-da554d16511f&module=thunderbolt-features&originalLanguage=en&pageId=e1a942_66a2628844b352b7e8a98466704a9f81_3.json&pilerExperiments=specs.piler.useEditorReactComponents&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.15116.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.15116.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.251.0&siteId=1a89f3cb-fcf6-4d42-89c8-c4e9b56928c1&siteRevision=3&staticHTMLComponentUrl=https%3A%2F%2Fsuiteen-tzorx-wixstudio-com.filesusr.com%2F&useSandboxInHTMLComp=true&viewMode=desktop
- https://siteassets.parastorage.com/pages/pages/thunderbolt?beckyExperiments=.DatePickerPortal%2C.DisableDocumentScrollWhenLightBoxOpen%2C.EnableCustomCSSVarsForLoginSocialBar%2C.FreemiumBannerOdeditor%2C.LoginBarEnableLoggingInStateInSSR%2C.TextInputAutoFillFix%2C.UseLoginSocialBarCustomMenu%2C.UseNestedLoginSocialBarMenuItems%2C.UseNewLoginBarDropdownMenuAlignment%2C.UseNewLoginSocialBarElementStructure%2C.UseNewLoginSocialBarMemberInitialsAvatar%2C.WixFreeSiteBannerDesktop%2C.WixFreeSiteBannerMobile%2C.a11yContrast%2C.addIdAsClassName%2C.buttonUdp%2C.calculateCollapsibleTextLineHeightByFont%2C.dom_store%2C.dontApplyDacOverridesOnBoBApps%2C.dynamicSlots%2C.fiveGridLineStudioSkins%2C.fixFirefoxLinkBarIntrinsicSizing%2C.imageEncodingAVIF%2C.isClassNameToRootEnabled%2C.motionTimeAnimationsCSS%2C.responsiveContainerRoleGroup%2C.sectionA11yProps%2C.shouldUseResponsiveImages%2C.svgResolver_2%2C.updateRichTextSemanticClassNamesOnCorvid%2C.useClassnameInResponsiveAppWidget%2C.useImageAvifFormatInNativeProGallery%2C.useResponsiveImgClassicFixed%2C.useSvgLoaderFeature%2C.useSvgLoaderFeatureOnBuilderComps%2C.useWowImageInFastGallery&blocksBuilderManifestGeneratorVersion=1.129.0&contentType=application%2Fjson&deviceType=Desktop&dfCk=6&dfVersion=1.5374.0&disableStaticPagesUrlHierarchy=false&editorName=Studio&experiments=dm_bgScrubToMotionFixer%2Cdm_masterPageVariablesQueryFixer%2Cdm_migrateOldHoverBoxToNewFixer&externalBaseUrl=https%3A%2F%2Fsuiteen-tzorx.wixstudio.com%2Fsuite-io&fileId=0eec2e75.bundle.min&formFactor=desktop&freemiumBanner=true&hasTPAWorkerOnSite=false&hasUserDomainMedia=false&isBuilderComponentModel=false&isHttps=true&isInSeo=false&isMultilingualEnabled=false&isResponsive=true&isTrackClicksAnalyticsEnabled=false&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=03b0666b-5c00-48b4-b381-da554d16511f&module=thunderbolt-features&originalLanguage=en&pageId=e1a942_b04914f52501dd16ee1547254b592150_3.json&pilerExperiments=specs.piler.useEditorReactComponents&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22wixui%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.15116.0%22%7D%2C%7B%22artifactId%22%3A%22editor-elements%22%2C%22namespace%22%3A%22dsgnsys%22%2C%22url%22%3A%22https%3A%2F%2Fstatic.parastorage.com%2Fservices%2Feditor-elements%2F1.15116.0%22%7D%5D&remoteWidgetStructureBuilderVersion=1.251.0&siteId=1a89f3cb-fcf6-4d42-89c8-c4e9b56928c1&siteRevision=3&staticHTMLComponentUrl=https%3A%2F%2Fsuiteen-tzorx-wixstudio-com.filesusr.com%2F&useSandboxInHTMLComp=true&viewMode=desktop
π‘ API Calls Detected
- POST
π Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Code Obfuscation
JavaScript code obfuscated using 17 technique(s) to evade detection
π¬ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Trezor users
Attack Method
obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
β οΈ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 17 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
Trezor
Official Website
N/A
Fake Service
Banking/payment service
βοΈ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.
π Infrastructure Indicators of Compromise
Domain Information
Domain
suiteen-tzorx.wixstudio.com
Registered
Unknown
Registrar
None
Status
Age unknown
Hosting Information
Provider
Unknown
ASN
π€ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/0f6235dd303a.png
May 22, 2026
Trezor
https://ladger-livelebger.wixstudio.com/us-en
May 20, 2026
Trezor
https://bridge-homelives.wixstudio.com/bridge-en-us
May 18, 2026
Trezor
https://official-trzor-bridg.wixstudio.com/usen
May 16, 2026
Trezor
https://suiteen-tzorx.wixstudio.com/my-suite
May 14, 2026
Scan History for suiteen-tzorx.wixstudio.com
Found 4 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.