EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of start-io-trezor.stormkit.dev

Detection Info

https://start-io-trezor.stormkit.dev/
Detected Brand
Trezor
Country
International
Confidence
95%
HTTP Status
200
Report ID
5688e54b-3c0…
Analyzed
2026-02-03 23:45

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T10862665D774A33314E6302C15A58A7D9A736F38453621EC1B04A81F4DFAF9F3B422B88
CONTENT ssdeep
192:s1+81pjiwC4NPPjIJugKMZx9bNb8mTxNxNrM7kxdZf6278d6vg7KZeLpyz96oaQ9:u++mAedriwOxTeqcbD4T9dlASwl

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9d90b7e5dae041ac
VISUAL aHash
ff1e18181800ffbf
VISUAL dHash
9cbcbbf176d63679
VISUAL wHash
ff0e18180860ff9f
VISUAL colorHash
16c10000000
VISUAL cropResistant
0020108e8636083c,ba0052a484d200be,636a46d6e4bcd97a,b4a4d4d8f4a57676,8b83703c69f0b2aa,c0a28a371382a2c4,a282cc4b1355a2a2,3600736763797d79,078080b0b0b0b0b0,bc3cbbf17136d6b6,4b174f7f7fffffef,333f4fc3d1d4d0d0

Code Analysis

Risk Score 50/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Banking

🔬 Threat Analysis Report

• Threat: Impersonation
• Target: Trezor
• Method: Domain spoofing on a free hosting service
• Exfil: Likely aims to steal login credentials or redirect to another phishing page.
• Indicators: Mismatched domain, free hosting.
• Risk: HIGH

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain is not the official Trezor domain and is hosted on a suspicious free hosting service.
Hosting Provider
Free Hosting is a common tactic for phishing websites.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Trezor users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Banking

🏢 Brand Impersonation Analysis

Impersonated Brand
Trezor
Official Website
https://trezor.io
Fake Service
Trezor Wallet or Trezor website

⚔️ Attack Methodology

Primary Method: Impersonation (Brand)

The attacker creates a website that closely resembles the legitimate Trezor website to deceive users into providing sensitive information or installing malware.

Secondary Method: Domain Spoofing

The attacker uses a similar-looking domain to trick users into believing they are on the real website.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
start-io-trezor.stormkit.dev
Registered
Unknown
Registrar
Unknown
Status
Inactive

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/a4b766aa97b2.png
Jun 26, 2026
No screenshot
Unknown
https://trezosuiteapp.vercel.app/
Dec 26, 2025
No screenshot
Unknown
https://trezosuiteapp.vercel.app/
Dec 24, 2025
No screenshot
Trezor
https://www.trezosuiteapp.vercel.app/
Dec 23, 2025
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.