Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://yahoo302.blogspot.com/
Detected Brand
Yahoo
Country
International
Confidence
100%
HTTP Status
200
Report ID
3eb77536-fcfโฆ
Analyzed
2026-02-14 11:51
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1282371F19240A9AF8561C2DED3737FC8D7C2508AE7928C85E9A4971D09C9C93DD172BC |
|
CONTENT
ssdeep
|
768:n7HZ6DfXLnQVTwBa4AVYG1umlo8xa/CRz:nrZCfawRG1umloez |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdb0b2b3c5ce4d0c |
|
VISUAL
aHash
|
ffff103010383030 |
|
VISUAL
dHash
|
0034726272626262 |
|
VISUAL
wHash
|
ffff303038383838 |
|
VISUAL
colorHash
|
031c0000000 |
|
VISUAL
cropResistant
|
0034726272626262 |
Code Analysis
Risk Score
85/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Personal Info
๐ฌ Threat Analysis Report
โข Threat: Phishing
โข Target: Yahoo users
โข Method: Credential Harvesting via fake login form
โข Exfil: http://free.mailjol.net/allforms.php
โข Indicators: Domain, Obfuscation, JavaScript form submission.
โข Risk: High
๐ Credential Harvesting Forms
๐ Obfuscation Detected
- eval
- fromCharCode
- unescape
- document.write
- hex_escape
- unicode_escape
๐ฏ Kit Endpoints
- http://us.rd.yahoo.com/reg/login0/signup_lhs/us/ph/*https://edit.yahoo.com/config/eval_register?.intl=us&new=1&.done=http%3a//photos.yahoo.com/ph//my_photos&.src=ph&.v=0&.u=7flc8u916oq6u&partner=&.p=&promo=&.last=
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=email
- https://www.blogger.com/followers/frame/478254526604074400?colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByNjYzMzMDAqByM2NmJiMzMyByMzMzY2MDA6ByMzMzMzMzNCByNjYzMzMDBKByM3Nzc3NzdSByNjYzMzMDBaC3RyYW5zcGFyZW50&pageSize=21&hl=en&origin=http://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=I0_1771073079632&_gfid=I0_1771073079632&parent=http%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=57423053
- https://www.blogger.com
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=blog
- https://www.blogger.com/dyn-css/authorization.css?targetBlogID=478254526604074400&zx=bec942cc-9a17-4167-9d05-070fb5fccf8b
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=facebook
- https://www.blogger.com/profile/10794590599370150709
- http://yahoo302.blogspot.com/2010/07/yahoo.html
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=twitter
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=6897557750077868125&from=pencil
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=facebook
- http://us.rd.yahoo.com/reg/sihflib/*https://login.yahoo.com/config/login?.src=ph&.intl=us&.help=1&.v=0&.u=7flc8u916oq6u&.last=&.last=&promo=&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=pinterest
- http://yahoo302.blogspot.com/2010/07/yahoo_31.html#comment-form
- http://yahoo302.blogspot.com/2010/07/
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=email
- https://www.blogger.com/feeds/478254526604074400/posts/default
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=7270152012916715041&from=pencil
- http://yahoo302.blogspot.com/feeds/posts/default?alt=rss
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=pinterest
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=twitter
- https://www.blogger.com/navbar/478254526604074400?origin=http://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=navbar-iframe&_gfid=navbar-iframe&parent=http%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=23364147
- http://yahoo302.blogspot.com/2010/07/yahoo.html#comment-form
- http://yahoo302.blogspot.com/feeds/posts/default
- http://login.yahoo.com/config/login?.src=ph&.v=0&.u=7flc8u916oq6u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- http://yahoo302.blogspot.com/2010/
- http://yahoo302.blogspot.com/2010/07/yahoo_31.html
- http://www.blogger.com/java%20script:PBopenWindow%28%29
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=blog
- http://yahoo302.blogspot.com/
๐ก API Calls Detected
- http://us.ard.yahoo.com/SIG=12fo28js7/M=294867.5495648.6574428.4664665/D=regst/S=150000869:PB/Y=YAHOO/EXP=1114408190/A=2167824/R=0/SIG=10tt88gbl/*http://poweredby.hpidea.com
- post
๐ค Form Action Targets
- http://free.mailjol.net/allforms.php
๐ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain Reputation
Blogspot domain is often abused.
Obfuscation
Presence of obfuscated JavaScript code.
Form Action
Form submitting data to an external and suspicious domain
Design/Visual Clues
The design does not resemble the targeted brand at all.
๐ฌ Comprehensive Threat Analysis
Threat Type
Two-Factor Authentication Stealer
Target
Yahoo users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 69 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Yahoo
Official Website
yahoo.com
Fake Service
Yahoo login
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
The site attempts to steal Yahoo user credentials by displaying what *appears* to be a Yahoo login form. Users enter their credentials, which are then sent to a malicious server.
Secondary Method: JavaScript Obfuscation
The website employs Javascript obfuscation to conceal the phishing activities from detection.
๐ Infrastructure Indicators of Compromise
Domain Information
Domain
yahoo302.blogspot.com
Registered
None
Registrar
None
Status
None
๐ฌ JavaScript Deep Analysis
Total Code Size
2.3ย KB
๐ Obfuscation Detected
- : None
๐ค AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for yahoo302.blogspot.com
Found 2 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.