SafeMode - Analysis: www.paypal-logiin.blogspot.com

Visual Capture

Screenshot of www.paypal-logiin.blogspot.com

Detection Info

https://www.paypal-logiin.blogspot.com/

Detected Brand

PayPal

Country

International

Confidence

100%

HTTP Status

200

Report ID

ac4dc98a-7ab…

Analyzed

2026-02-10 12:44

Final URL (after redirects)

https://paypal-logiin.blogspot.com/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1BC521372A055AA3B1363C6E8A3B2E74BF7418185CDD2014AD5F9E35C2FE3DB2DC1A215
CONTENT ssdeep	96:GCKxsPOlHUnoGyPs44mGjZzmv8K4yYeyCqkE8iyMK8wGgjdekdWuhMOaVirtBF8v:GCinFbOLN1wtBnb9McUqacps5cTBrha

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	de5e6961615c5e84
VISUAL aHash	80809c9cffffffff
VISUAL dHash	3b3c34300b202024
VISUAL wHash	80809c9cffe3c0c0
VISUAL colorHash	070020001c0
VISUAL cropResistant	3b3c34300b202024

Code Analysis

Risk Score 74/100

Threat Level MEDIO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Impersonation Phishing
• Target: PayPal users
• Method: Blog hosted content that pretends to give help, trying to trick people
• Exfil: Not applicable in this case, but potentially a form or link. Exfiltration could redirect to a form
• Indicators: Incorrect URL, blogspot hosting, content discussion of PayPal services and login
• Risk: Moderate

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

eval
hex_escape
unicode_escape

🎯 Kit Endpoints

https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=email
https://www.blogger.com
https://www.blogger.com/feeds/4489207327022737830/posts/default
https://paypal-logiin.blogspot.com/feeds/posts/default
https://paypal-logiin.blogspot.com/
https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html#comments
https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=
/responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp
https://paypal-logiin.blogspot.com/feeds/posts/default?alt=rss
https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=twitter
https://www.blogger.com/profile/01992965054440234456
https://paypal-logiin.blogspot.com/search
https://www.blogger.com/go/report-abuse
https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=pinterest
https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html
https://paypal-logiin.blogspot.com/2021/02/
https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=facebook

📡 API Calls Detected

GET
post

📤 Form Action Targets

https://paypal-logiin.blogspot.com/search

📊 Risk Score Breakdown

Total Risk Score

85/100

Contributing Factors

Domain Impersonation

The domain contains the brand name, but is on an untrusted domain and looks different.

Free Hosting

Hosting on blogspot.com is a common phishing indicator.

Content

Content is generic and lacks credibility.

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

PayPal users (International)

Attack Method

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Exfiltration Channel

HTTP POST to backend

Risk Assessment

HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, Personal Info
36 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

PayPal

Official Website

https://www.paypal.com

Fake Service

PayPal Customer Service/Login/general support

⚔️ Attack Methodology

Primary Method: Impersonation Phishing

The attacker creates a website that mimics the brand (PayPal in this case) to trick the user. This is done through a fake URL and content. The goal is to obtain login credentials or other sensitive information.