zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 90743167
Scan another →
CACHED Showing previous scan from 514 d ago. Click Reanalyze to run a fresh scan.
PHISHING · MEDIUM CONFIDENCE

Phishing detected

brand Trezor scan id 90743167 duration signals 0 failing / 0
Risk score 0.80
80 / 100 · —
Tags
URL anatomy
https :// .
flagged registered domain path protocol / query
Indicators of compromise 4 · click any row to copy
URL hxxps://app-trzor-suite-cdn[.]github[.]io/en-us/
Brand Trezor
Screenshot https://cdn.zerophish.ai/0ba47767-5a27-4101-ac50-0d508051dd7f.jpg
Scan ID 90743167-1e27-4546-a0fa-ec1989964ef9
Detection signals 0 fail · 0 warn · 0 pass

No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.

Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis

No brand impersonation signals available.

Technical profile resolved at scan time

No technical metadata captured for this scan.

Analyst summary AI-generated
Initial scan heuristic + LLM

The site appears to be a phishing site for several reasons.

  1. Suspicious URL: The URL does not match the legitimate Trezor domain (trezor.io). Instead, it is hosted on github.io, which is commonly used by attackers for phishing.

  2. Misleading Information: The site’s HTML contains multiple instances of onclick="getdata()", which could be used to collect sensitive user data. Additionally, this function is not defined anywhere in the provided HTML, which makes the site more suspicious.

  3. Imitation of a Legitimate Brand: The site tries to imitate the official Trezor site by creating a page that looks like the official Trezor Suite page, which might trick users into thinking that they are on the official page.

  4. Inaccurate Information: The text ‘Copyright belongs to company s.r.o.’ is vague and indicates an attempt to look authentic without the necessary details.