The full anatomy of a phishing site, one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
Review required
| Field | Value |
|---|---|
| URL | hxxps://trezor-io-start-trezor-authto[.]webflow[.]io/ |
| Brand | Trezor |
| Screenshot | https://cdn.zerophish.ai/c75d3035-58cd-45bd-847a-6b1f1553d0a6.jpg |
| Scan ID | ebd781da-ec47-4642-87b7-0371f7b5ce39 |
No detection signals on this scan — it predates the signal pipeline. Re-analyze to capture them.
No brand impersonation signals available.
No technical metadata captured for this scan.
The analysed website appears to be a phishing attempt that mimics a page from Trezor, a known brand in the cryptocurrency hardware wallet industry, and several factors suggest that it might be a sophisticated one. The URL is suspicious: it deviates from the expected trezor.io domain by including additional terms like ‘start’ and ‘authto.webflow.io’. The HTML mentions ‘Trezor.io/start’ numerous times, which suggests that the phishing site is trying to mimic this legitimate page. The webpage attempts to establish trust by providing comprehensive information about Trezor products, how to set up the Trezor hardware wallet, and its security features. This level of detail is unusual for phishing sites. Moreover, the page includes official-looking images with accurate brand terminology. No typical social engineering techniques commonly seen in phishing attacks were identified. In conclusion, although the site appears well crafted and detailed, the dubious URL raises strong suspicion about its legitimacy.