EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of adminapi.jiuzhouw.net

Detection Info

https://adminapi.jiuzhouw.net/
Detected Brand
TikTok Shop
Country
International
Confidence
100%
HTTP Status
200
Report ID
c7f17248-bdc…
Analyzed
2026-02-02 11:52
Final URL (after redirects)
https://adminapi.jiuzhouw.net/#/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1E77200387083386B953BC591F8BA9F286507D335C3580A6CA36D26A96FCECD45C32779
CONTENT ssdeep
384:tM7YOiLXNgbYZ5Lf/yLfQ/LfvJLfk8rCtTzhBeC3D:twYTLNGYZ5Lf/yLfQ/LfvJLfk8rCtTzV

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b3338ace66668c99
VISUAL aHash
e7e7e7e7e7ffffff
VISUAL dHash
4d4d4d4d4d000c4c
VISUAL wHash
c3c3c3c3c3e7e700
VISUAL colorHash
07400000043
VISUAL cropResistant
4d4d4d4d4d000c4c,ccececdcccd4d5f4,b36b73f2b2328633

Code Analysis

Risk Score 85/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Impersonation
• Target: TikTok users
• Method: Fake AI trading platform
• Exfil: Likely steals credentials and financial information
• Indicators: Domain mismatch, JavaScript obfuscation
• Risk: High

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • document.write
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • GET
  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain does not belong to the official TikTok Shop website.
JavaScript Obfuscation
Obfuscated code is often used to hide malicious activity.
JavaScript form submission detected
Form submissions are a common method for collecting user data

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
TikTok Shop users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 17 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
TikTok Shop
Official Website
null
Fake Service
AI Trading Assistant

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Brand Impersonation

The attackers are attempting to impersonate TikTok Shop by creating a landing page that mimics the branding. This is done to gain the trust of users, who may then input sensitive information.

Secondary Method: Social Engineering

The site's content uses marketing tactics such as promises of financial gain to trick users into providing personal or financial information.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
adminapi.jiuzhouw.net
Registered
2022-06-11
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
TikTok
http://tiktok.shop599.com/
Jun 11, 2026
 Screenshot
TikTok
https://tiktok.shop599.com/h5/
Jun 11, 2026
 Screenshot
TikTok Shop
https://wildcard.jiuzhouw.net/
Feb 02, 2026
 Screenshot
TikTok
https://www.dcc.jiuzhouw.net/
Feb 02, 2026
No screenshot
TikTok Shop
https://amzsub.com/
Jan 20, 2026
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.