1Password phishing kit cloned from the legitimate `1password.com` login page using Save Page WE.
The first detection was on August 16th although evidence in the kit (the Save Page WE `savepage-date` timestamp) suggests it was created August 11th.
Like many similar phishing kit, credentials are posted to `send.php` and then the victim is redirected to the `1password.com` login form.