Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://tiopy.top/
Detected Brand
TikTok Shop
Country
International
Confidence
100%
HTTP Status
N/A
Report ID
770e33bb-85dā¦
Analyzed
2026-03-05 13:30
Final URL (after redirects)
https://tiopy.top/h5/#/pages/login/index
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15E1210307046387762379A91F8A18B0D2217D335D746196CB7A417B6BBCDCE48A72BF8 |
|
CONTENT
ssdeep
|
192:lMMcbbRgSLGnERjIFTfSDtFTfRZEu3JMLfPvErEFt5LfJyLfkTLfWlLfljLfxAM1:iMEvGnER+f2XfPEu3uLFFt5LfJyLfkTA |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b333266666cccccc |
|
VISUAL
aHash
|
e7e7ffe7e7ffffff |
|
VISUAL
dHash
|
4d4d004d4d000c00 |
|
VISUAL
wHash
|
00002424e4fcfcfc |
|
VISUAL
colorHash
|
07000000606 |
|
VISUAL
cropResistant
|
4d4d004d4d000c00,212101617103630b,45008c30b2300155 |
Code Analysis
Risk Score
85/100
Threat Level
ALTO
ā ļø Phishing Confirmed
š£ Credential Harvester
š£ OTP Stealer
š£ Card Stealer
š£ Banking
š£ Personal Info
š¬ Threat Analysis Report
ā¢ Threat: Phishing
ā¢ Target: TikTok Shop users
ā¢ Method: Credential Harvesting
ā¢ Exfil: Likely through Javascript Obfuscation
ā¢ Indicators: Domain age, Javascript obfuscation & form submission.
ā¢ Risk: HIGH
š Obfuscation Detected
- atob
- fromCharCode
- unescape
- document.write
- unicode_escape
- base64_strings
š” API Calls Detected
- GET
- POST
š Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Recent Domain
Domain age of 2 days is highly suspicious.
Domain Mismatch
Domain tiopy.top is completely unrelated to the official TikTok Shop domain.
Obfuscation Detected
Javascript Obfuscation increases the chance of malicious code.
Form Submission
Javascript form submission detected
š¬ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
TikTok Shop users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
ā ļø Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 33 obfuscation techniques
š¢ Brand Impersonation Analysis
Impersonated Brand
TikTok Shop
Official Website
null
Fake Service
Login
āļø Attack Methodology
Primary Method: Credential Harvesting
The site is designed to trick users into entering their TikTok Shop login credentials (phone number & password), which are then stolen by the attackers.
Secondary Method: Javascript Obfuscation
The attackers are using Javascript obfuscation to hide and potentially execute malicious code on the victim's browser.
š Infrastructure Indicators of Compromise
Domain Information
Domain
tiopy.top
Registered
2024-03-02
Registrar
None
Status
active
š¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.