# tally.vistashopee.com — MALICIOUS > tally.vistashopee.com impersonates Shopee in brand abuse scams. PhishDestroy flags 8 of 95 VirusTotal vendors detecting this credential theft site. ## Summary PhishDestroy identifies an active brand impersonation campaign targeting Shopee users via the malicious domain tally.vistashopee.com. This site mimics the legitimate Shopee interface to harvest login credentials and session tokens, enabling direct access to user accounts for fraudulent purchases or financial theft. The threat actor registered the domain through GoDaddy.com, LLC on January 01, 2020, establishing a facade of legitimacy while operating outside Shopee’s official ecosystem. Hosted at IP 142.44.140.148 with an SSL certificate from Sectigo Limited, the domain bypasses initial security checks, but has been flagged by Google Safe Browsing as engaging in social engineering tactics. VirusTotal analysis confirms elevated risk, with 8 out of 95 security vendors detecting malicious activity, underscoring the domain's active threat status. Technical indicators reveal this domain’s infrastructure is optimized for credential theft. The use of a valid SSL certificate (CN: Sectigo Limited) lends superficial credibility, while the obfuscation of the true destination IP (142.44.140.148) suggests hosting on compromised or anonymized infrastructure. Domain age (registered January 2020) indicates long-term planning, with the threat actor likely cycling through similar domains to evade detection. The inclusion of 'vistashopee' in the domain name is a deliberate attempt to exploit brand recognition, tricking users into believing they are interacting with a legitimate Shopee subdomain. Google Safe Browsing’s classification of 'SOCIAL_ENGINEERING' further validates the deceptive nature of this site, which is designed to manipulate users into surrendering sensitive authentication data. If you visited tally.vistashopee.com and entered any credentials, immediately change your Shopee account password and enable two-factor authentication. Revoke any active sessions via Shopee’s security settings and review recent transactions for unauthorized activity. Use a password manager to avoid manual entry of credentials on untrusted domains. Report the domain to Shopee’s abuse team and your local cybercrime unit, including screenshots and timestamps of any interactions. For future protection, bookmark Shopee’s official URL (shopee.com) and verify all links via Shopee’s verified social media or official app before logging in. Enable additional security features such as login notifications and biometric authentication where available. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2020-01-01 15:11:57 - Registrar: GoDaddy.com, LLC - IP: 142.44.140.148 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/tally.vistashopee.com - PhishDestroy: https://phishdestroy.io/domain/tally.vistashopee.com/ - LLM endpoint: https://phishdestroy.io/domain/tally.vistashopee.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tally.vistashopee.com/ Last updated: 2026-04-09