Source: https://trezorisuite.us/ |
Avira URL Cloud: detection malicious, Label: phishing |
Source: https://trezorisuite.us/wp-content/plugins/js_composernew/assets/css/js_composer.min.css?ver=6.8.0 |
Avira URL Cloud: Label: phishing |
Source: https://trezorisuite.us/wp-includes/css/dist/block-library/style.min.css?ver=6.5.3 |
Avira URL Cloud: Label: phishing |
Source: https://trezorisuite.us/comments/feed/ |
Avira URL Cloud: Label: phishing |
Source: https://trezorisuite.us/wp-json/ |
Avira URL Cloud: Label: phishing |
Source: https://trezorisuite.us/#website |
Avira URL Cloud: Label: phishing |
Source: chromecache_445.2.dr |
Binary or memory string: eval("/* harmony export */ __webpack_require__.d(__webpack_exports__, {\n/* harmony export */ publicKey: () => (/* binding */ publicKey)\n/* harmony export */ });\nconst publicKey = {\n dev: `-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbSUHJlr17+NywPS/w+xMkp3dSD8eWXSuAfFKwonZPe5fL63kISipJC+eJP7Mad0WxgyJoiMsZCV6BZPK2jIFdg==\n-----END PUBLIC KEY-----`,\n codesign: `-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAES7MbBzU/v5BsljkTM8Mz0Jsk+Nn5n2wH\\no2/+MUI3TgCVdTbEHhn3HXaY7GJ6TLyWqxn+pIDY9wUUAyUqOStTUQ==\n-----END PUBLIC KEY-----`\n};\n\n//# sourceURL=webpack://@trezor/connect-iframe/../../suite-common/wallet-constants/src/jws.ts?"); |
memstr_9d7e10a9-c |
Source: https://trezorisuite.us/ |
LLM: Score: 7 Reasons: The code references 'trezorisuite.us', which is suspicious as it could be impersonating the legitimate Trezor Suite website. This could indicate a phishing attempt. However, without further context or additional malicious behavior, the risk score is not at the maximum level. DOM: 0.0.pages.csv |
Source: https://trezorisuite.us/ |
LLM: Score: 7 Reasons: The JavaScript code references an external script from 'https://trezorisuite.us/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3'. The domain 'trezorisuite.us' is suspicious and not a known or trusted source for WordPress assets, which typically come from 'wordpress.org'. This could indicate a potential phishing or malicious site. DOM: 0.0.pages.csv |
Source: https://trezor.io/trezor-suite |
HTTP Parser: Total embedded SVG size: 155752 |
Source: https://trezor.io/ |
HTTP Parser: Total embedded SVG size: 147384 |
Source: https://trezor.io/trezor-suite |
HTTP Parser: Base64 decoded: https://trezor.io:443 |
Source: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdAahsiAAAAACHPe5krhw_ok_Oepp86Bl_aC74d&co=aHR0cHM6Ly90cmV6b3IuaW86NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=ils9fjqxyvbj |
HTTP Parser: No favicon |
Source: https://suite.trezor.io/web/static/connect/iframe.html?version=9.2.2&manifest=IntcImVtYWlsXCI6XCJpbmZvQHRyZXpvci5pb1wiLFwiYXBwVXJsXCI6XCJAdHJlem9yL3N1aXRlXCJ9Ig%3D%3D |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdAahsiAAAAACHPe5krhw_ok_Oepp86Bl_aC74d&co=aHR0cHM6Ly90cmV6b3IuaW86NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=14hvzzc82bxm |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdAahsiAAAAACHPe5krhw_ok_Oepp86Bl_aC74d&co=aHR0cHM6Ly90cmV6b3IuaW86NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=fv9qf77yydmk |
HTTP Parser: No favicon |
Source: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdAahsiAAAAACHPe5krhw_ok_Oepp86Bl_aC74d&co=aHR0cHM6Ly90cmV6b3IuaW86NDQz&hl=en&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=fcgk4e4tn78p |
HTTP Parser: No favicon |
Source: unknown |
HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0 |
Source: unknown |
HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.5:49725 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.5:49729 version: TLS 1.2 |
Source: chromecache_445.2.dr |
String found in binary or memory: LE_0__.DEFAULT_DOMAIN}popup.html`,\n webusbSrc: `${_version__WEBPACK_IMPORTED_MODULE_0__.DEFAULT_DOMAIN}webusb.html`,\n transports: undefined,\n pendingTransportEvent: true,\n env: 'node',\n lazyLoad: false,\n timestamp: new Date().getTime(),\n interactionTimeout: 600,\n // 5 minutes\n sharedLogger: true\n};\nconst parseManifest = manifest => {\n if (!manifest) return;\n if (typeof manifest.email !== 'string') return;\n if (typeof manifest.appUrl !== 'string') return;\n return {\n email: manifest.email,\n appUrl: manifest.appUrl\n };\n};\n\n// Cors validation copied from Trezor Bridge\n// see: https://github.com/trezor/trezord-go/blob/05991cea5900d18bcc6ece5ae5e319d138fc5551/server/api/api.go#L229\n// Its pointless to allow `@trezor/connect` endpoints { connectSrc } for domains other than listed below\n// `trezord` will block communication anyway\nconst corsValidator = url => {\n if (typeof url !== 'string') return;\n if (url.match(/^https:\\/\\/([A-Za-z0-9\\-_]+\\.)*trezor\\.io\\//)) return url;\n if (url.match(/^https?:\\/\\/localhost:[58][0-9]{3}\\//)) return url;\n if (url.match(/^https:\\/\\/([A-Za-z0-9\\-_]+\\.)*sldev\\.cz\\//)) return url;\n if (url.match(/^https?:\\/\\/([A-Za-z0-9\\-_]+\\.)*trezoriovpjcahpzkrewelclulmszwbqpzmzgub37gbcjlvluxtruqad\\.onion\\//)) return url;\n};\nconst parseConnectSettings = (input = {}) => {\n const settings = {\n ...initialSettings\n };\n if ('debug' in input) {\n if (typeof input.debug === 'boolean') {\n settings.debug = input.debug;\n } else if (typeof input.debug === 'string') {\n settings.debug = input.debug === 'true';\n }\n }\n\n // trust level can only be lowered by implementator!\n if (input.trustedHost === false) {\n settings.trustedHost = input.trustedHost;\n }\n if (typeof input.connectSrc === 'string' && input.connectSrc?.startsWith('http')) {\n settings.connectSrc = corsValidator(input.connectSrc);\n } else if (settings.trustedHost) {\n settings.connectSrc = input.connectSrc;\n 
}\n const src = settings.connectSrc || _version__WEBPACK_IMPORTED_MODULE_0__.DEFAULT_DOMAIN;\n settings.iframeSrc = `${src}iframe.html`;\n settings.popupSrc = `${src}popup.html`;\n settings.webusbSrc = `${src}webusb.html`;\n if (typeof input.transportReconnect === 'boolean') {\n settings.transportReconnect = input.transportReconnect;\n }\n\n // deprecated, settings.transport should be used instead\n if (t |