Phishing Analysis: Trezor

Visual Capture

Screenshot of io-bridge-terzor-en.pages.dev

Detection Info

https://io-bridge-terzor-en.pages.dev/

Detected Brand

Trezor

Country

Unknown

Confidence

95%

HTTP Status

200

Report ID

c55bb670-f1e…

Analyzed

2026-04-08 12:38

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1ACB17537E14D3372064300D2E2531BBDF263406CEA861B16E2AE821C6BD9FD2C5A77D6
CONTENT ssdeep	96:Tna1L0N9iZ/MJmig6nfBOPnAF7Q5cTxAtEQBF4nBbVAnzHBq/ox8YhBE:eN89C0JpfMkMrEQ74nRVMzHE/H

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c7b1933131ce9a3c
VISUAL aHash	7c3c3c38203c3c3c
VISUAL dHash	c949616168616169
VISUAL wHash	ff383c3c203c3c3c
VISUAL colorHash	38003200240
VISUAL cropResistant	c949616168616169

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

Trezor Phishing Landing Page

Target

Trezor users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Trezor

Official Website

N/A

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Search Engine Manipulation

Fake Trezor site positioned to capture victims through SEO tactics, typosquatting, or paid advertising. Serves as entry point for multi-stage attacks including credential theft and malware distribution.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.