EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of www.borderclick.com

Detection Info

https://www.borderclick.com/BC/media/Borderclick/tiktok-mok_1.html
Detected Brand
TikTok
Country
International
Confidence
100%
HTTP Status
200
Report ID
86cf969b-a01…
Analyzed
2026-03-17 04:59

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T184D196B15045D836A0E381EDE8B0136E7580020ED75386C6F7FA03AEDBCADA4DF65295
CONTENT ssdeep
192:4acPGqYlfHcghYPsOl/sOQVcsOq444ptLuwoNe:s4x8LEOl0OQVzOq444v

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9bc859a5bb2ac90d
VISUAL aHash
5c3c383d3f26060c
VISUAL dHash
d1f1f359724e5438
VISUAL wHash
3e3c383d3f3e040e
VISUAL colorHash
38000000602
VISUAL cropResistant
c4c76331b85c2ef6,b23375434374a3e2,9391c8c466b1188e,4444588060706480,9be234997ab66c8b,08c63399e47a9d6e,d1f1f359724e5438,16cc59b264cc9a32

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: TikTok users
• Method: Fake follower generator
• Exfil: Likely steals credentials
• Indicators: Promises followers, requests username/email
• Risk: High

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • base64_strings

📡 API Calls Detected

  • POST
  • https://www.google.com/ccm/geo

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Active Phishing Kit
The site's primary function is to steal user data with a known phishing tactic.
JavaScript Obfuscation
Javascript obfuscation indicates the potential for malicious behavior.

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
TikTok users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Personal Info
  • 57 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
TikTok
Official Website
https://www.tiktok.com
Fake Service
Followers Generator

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site tricks users into providing their TikTok username/email. This information could be used for account takeover attempts or to use the compromised accounts to send further phishing messages.

Secondary Method: Social Engineering

The site uses a promise of free followers to lure users into providing their credentials.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
www.borderclick.com
Registered
2016-12-31
Registrar
Unknown
Status
ACTIVE

🤖 AI-Extracted Threat Intelligence

Scan History for www.borderclick.com

Found 10 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.