SafeMode - Analysis: absltiks-shop.com

Visual Capture

No screenshot available

Detection Info

https://absltiks-shop.com/

Detected Brand

TikTok

Country

International

Confidence

100%

HTTP Status

200

Report ID

2bf0c0f6-2ea…

Analyzed

2026-01-26 23:58

Final URL (after redirects)

https://absltiks-shop.com/#/home

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1AEC2207C20EC15B7903B8CCAB824395DA871934BCF26C8976AAD53D63FD2811B550E7B
CONTENT ssdeep	384:DybgbzkDBuDBP8pYy5E2zu7TVBq9XqLTV5tDUTghoVupJVCzN:DybgbzT8pYytIqqLTV5tD+gqAGN

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9616bb391cb97911
VISUAL aHash	0e060e1600ffffff
VISUAL dHash	6cecece46495080e
VISUAL wHash	0c06041404ffffff
VISUAL colorHash	16600000002
VISUAL cropResistant	9f9b9f9fadedcfc6,9e0c000c0f370c4c,7c6cececf4646471

Code Analysis

Risk Score 82/100

Threat Level BAJO

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Potential brand abuse / unauthorized store.
• Target: TikTok users.
• Method: Possibly an unverified third-party TikTok shop.
• Exfil: No data exfiltration is apparent.
• Indicators: Unofficial domain, but no clear phishing signs.
• Risk: LOW - Potential brand misrepresentation but no direct threat.

📡 API Calls Detected

https://xf.xfgfdgre.shop/XP26hG

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester and OTP Stealer kits targeting TikTok users for account takeover.

Brand Impersonation

Domain absltiks-shop.com impersonates TikTok with high visual similarity and fake service claims.

Lack of Detection Evasion

No obfuscation techniques, Telegram bots, Discord webhooks, or WebSocket URLs detected, indicating low operational security.

High-Risk Target

Targeting TikTok, a high-value platform for account takeover and financial fraud.

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

TikTok users (International)

Attack Method

Phishing webpage

Exfiltration Channel

Unknown

Risk Assessment

CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info

🏢 Brand Impersonation Analysis

Impersonated Brand

TikTok

Official Website

https://www.tiktok.com

Fake Service

TikTok Store or promotional offer

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit captures TikTok login credentials via a fake login portal. Submitted credentials are likely exfiltrated to an attacker-controlled server for immediate account takeover.

Secondary Method: OTP Stealer

If multi-factor authentication (MFA) is enabled, the kit may prompt victims to enter OTP codes, which are intercepted and relayed to the attacker in real-time.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

absltiks-shop.com

Registered

2025-10-21 13:13:53+00:00

Registrar

Amazon Registrar, Inc.

Status

Active (97 days old)

📊 Attack Flow Diagram

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING LURE                          │
│    - Fake TikTok email/notification with malicious link   │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM VISITS FAKE TIKTOK PAGE                        │
│    - Phishing site mimics legitimate TikTok login        │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL INPUT                                      │
│    - Victim enters Banking/login credentials             │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA CAPTURE & EXFILTRATION                           │
│    - Credentials sent via HTTP POST (form submission)    │
└──────────────────────────────────────────────────────────┘

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING LURE                          │
│    - Fake TikTok email/notification with malicious link   │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM VISITS FAKE TIKTOK PAGE                        │
│    - Phishing site mimics legitimate TikTok login        │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL INPUT                                      │
│    - Victim enters Banking/login credentials             │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA CAPTURE & EXFILTRATION                           │
│    - Credentials sent via HTTP POST (form submission)    │
└──────────────────────────────────────────────────────────┘

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

TikTok

http://www.tkshops-tj.com/

May 30, 2026

TikTok

https://www.dont-kshop.com/

Dec 27, 2025