Phishing Analysis: Trezor

Visual Capture

Detection Info

http://bridges-terzr.pages.dev

Detected Brand

Trezor

Country

Unknown

Confidence

95%

HTTP Status

200

Report ID

e0ebbc65-1e7…

Analyzed

2026-04-06 19:06

Final URL (after redirects)

https://bridges-terzr.pages.dev/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1E7F1D86BF3C93731068301E25A4657FDF73781FCD6552B428539820CAA48BA9CBB36C6
CONTENT ssdeep	192:7brNjvEWeNKeOrooOggMZdnv8Zm3NMY96z7:7bhjvEWeNzgoygcnv8Zm3t96z7

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c7713131693ace2e
VISUAL aHash	68783c3c383c3c3c
VISUAL dHash	d1c1e1c1c14145c1
VISUAL wHash	78783c3c3c3c3c3c
VISUAL colorHash	38007000040
VISUAL cropResistant	d1c1e1c1c14145c1

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

Trezor Phishing Landing Page

Target

Trezor users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Trezor

Official Website

N/A

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates Trezor to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.