EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

http://suites-en-trezre.framer.ai/
Detected Brand
Trezor
Country
International
Confiança
100%
HTTP Status
200
Report ID
850ea5d2-d69…
Analyzed
2026-01-27 11:17
Final URL (after redirects)
https://suites-en-trezre.framer.ai/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T184C17573D014D85D0EB7969DFBC1E29C929AC25AFA7059C7E1D4107F39C0EF180A6369
CONTENT ssdeep
96:DirN8+s0VN850KN8SChaR1sYYfMmORR1E8VCon0GVCW8wql:DN+a8MdYfMmUU8VCoy

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8f0de5ece4e0643c
VISUAL aHash
f30f0f3f1f3fffff
VISUAL dHash
e67afec6666e4e4a
VISUAL wHash
130f0f1f03073f2f
VISUAL colorHash
07000000c00
VISUAL cropResistant
e67afec6666e4e4a

Análise de Código

Risk Score 88/100
Nível de Ameaça BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Página informativa relacionada à configuração de dispositivos Trezor.
• Alvo: Novos usuários do Trezor.
• Método: Guias para baixar e usar o aplicativo Trezor Suite.
• Exfil: Sem exfiltração de dados.
• Indicadores: Logotipo oficial da marca, conteúdo informativo e links para baixar o aplicativo Trezor Suite.
• Risco: BAIXO - Página informativa sem riscos de segurança aparentes.

🔒 Obfuscation Detected

  • fromCharCode
  • base64_strings

📊 Detalhamento da Pontuação de Risco

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and OTP Stealer kits targeting cryptocurrency wallet users.
High Obfuscation
10 obfuscation techniques detected, indicating deliberate evasion of analysis.
Brand Impersonation
Impersonating Trezor, a well-known cryptocurrency hardware wallet brand.
Zero Form Fields
No visible form fields, suggesting hidden or dynamic credential harvesting mechanisms.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Two-Factor Authentication Stealer
Alvo
Trezor users (International)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltração
Unknown
Avaliação de Risco
CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Personal Info
  • 10 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Trezor
Official Website
https://trezor.io
Fake Service
Fake Trezor wallet software download

Fraudulent Claims

⚔️ Metodologia de Ataque

Primary Method: Wallet Credential Harvesting

The phishing site impersonates Trezor to trick users into entering their wallet recovery phrases or private keys. These credentials are likely intercepted in real-time via JavaScript event listeners or hidden form submissions.

Secondary Method: OTP Interception

The OTP Stealer kit suggests the site may capture one-time passwords or 2FA codes, enabling attackers to bypass additional authentication layers for wallet access.

Target Blockchain
Ethereum

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
suites-en-trezre.framer.ai
Registered
Unknown
Registrar
Unknown
Estado
Age unknown

🦠 Malicious Files

Main File
File Size

Highly obfuscated JavaScript file with no extracted functions or strings.

📊 Diagrama de Fluxo de Ataque

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM TARGETED WITH PHISHING LURE                     │
│    - Fake Trezor email/website directs to malicious page  │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE WALLET LOGIN PAGE DISPLAYED                      │
│    - Spoofed Trezor interface requests credentials       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIALS ENTERED BY VICTIM                         │
│    - User submits wallet recovery phrase/private key     │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATED VIA HTTP POST                        │
│    - Form submission sends credentials to attacker server│
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. ATTACKER GAINS WALLET ACCESS                           │
│    - Harvested credentials used to drain crypto assets   │
└──────────────────────────────────────────────────────────┘

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM TARGETED WITH PHISHING LURE                     │
│    - Fake Trezor email/website directs to malicious page  │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE WALLET LOGIN PAGE DISPLAYED                      │
│    - Spoofed Trezor interface requests credentials       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIALS ENTERED BY VICTIM                         │
│    - User submits wallet recovery phrase/private key     │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATED VIA HTTP POST                        │
│    - Form submission sends credentials to attacker server│
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. ATTACKER GAINS WALLET ACCESS                           │
│    - Harvested credentials used to drain crypto assets   │
└──────────────────────────────────────────────────────────┘

🎯 Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Trezor
https://learn-bridge-trzre.framer.ai/en
Mai 28, 2026
 Screenshot
Trezor
https://io-suites-trezre-learn.framer.ai/faqs
Mai 28, 2026
 Screenshot
Trezor
https://io-suites-trezre-learn.framer.ai/page
Mai 28, 2026
 Screenshot
Trezor
https://suitetrezor.framer.media/enus
Fev 13, 2026
 Screenshot
Trezor
http://suitetrezor.framer.media/
Fev 13, 2026

Scan History for suites-en-trezre.framer.ai

Found 2 other scans for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.