Visual Capture

No screenshot available

Detection Information

http://suites-en-trezre.framer.ai/
Detected Brand
Trezor
Country
International
Confidence
100%
HTTP Status
200
Report ID
850ea5d2-d69…
Analyzed
2026-01-27 11:17
Final URL (after redirects)
https://suites-en-trezre.framer.ai/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T184C17573D014D85D0EB7969DFBC1E29C929AC25AFA7059C7E1D4107F39C0EF180A6369
CONTENT ssdeep
96:DirN8+s0VN850KN8SChaR1sYYfMmORR1E8VCon0GVCW8wql:DN+a8MdYfMmUU8VCoy

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8f0de5ece4e0643c
VISUAL aHash
f30f0f3f1f3fffff
VISUAL dHash
e67afec6666e4e4a
VISUAL wHash
130f0f1f03073f2f
VISUAL colorHash
07000000c00
VISUAL cropResistant
e67afec6666e4e4a

Code Analysis

Risk Score 88/100
Threat Level LOW
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Informational page related to setting up Trezor devices.
• Target: New Trezor users.
• Method: Guides for downloading and using the Trezor Suite application.
• Exfil: No data exfiltration.
• Indicators: Official brand logo, informational content and links to download the Trezor Suite application.
• Risk: LOW - Informational page with no apparent security risks.

🔒 Obfuscation Detected

  • fromCharCode
  • base64_strings

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and OTP Stealer kits targeting cryptocurrency wallet users.
High Obfuscation
10 obfuscation techniques detected, indicating deliberate evasion of analysis.
Brand Impersonation
Impersonating Trezor, a well-known cryptocurrency hardware wallet brand.
Zero Form Fields
No visible form fields, suggesting hidden or dynamic credential harvesting mechanisms.

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
Trezor users (International)
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Personal Info
  • 10 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Trezor
Official Website
https://trezor.io
Fake Service
Fake Trezor wallet software download

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Wallet Credential Harvesting

The phishing site impersonates Trezor to trick users into entering their wallet recovery phrases or private keys. These credentials are likely intercepted in real-time via JavaScript event listeners or hidden form submissions.

Secondary Method: OTP Interception

The OTP Stealer kit suggests the site may capture one-time passwords or 2FA codes, enabling attackers to bypass additional authentication layers for wallet access.

Target Blockchain
Ethereum

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
suites-en-trezre.framer.ai
Registered
Unknown
Registrar
Unknown
Status
Age unknown

🦠 Malicious Files

Main File
File Size

Highly obfuscated JavaScript file with no extracted functions or strings.

📊 Attack Flow Diagram

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM TARGETED WITH PHISHING LURE                    │
│    - Fake Trezor email/website directs to malicious page │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE WALLET LOGIN PAGE DISPLAYED                      │
│    - Spoofed Trezor interface requests credentials       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIALS ENTERED BY VICTIM                         │
│    - User submits wallet recovery phrase/private key     │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATED VIA HTTP POST                        │
│    - Form submission sends credentials to attacker server│
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. ATTACKER GAINS WALLET ACCESS                          │
│    - Harvested credentials used to drain crypto assets   │
└──────────────────────────────────────────────────────────┘

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
