Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
http://yahoo302.blogspot.com/
Detected Brand
Yahoo
Country
International
Confidence
100%
HTTP Status
200
Report ID
3eb77536-fcf…
Analyzed
2026-02-14 11:51
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1282371F19240A9AF8561C2DED3737FC8D7C2508AE7928C85E9A4971D09C9C93DD172BC |
|
CONTENT
ssdeep
|
768:n7HZ6DfXLnQVTwBa4AVYG1umlo8xa/CRz:nrZCfawRG1umloez |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdb0b2b3c5ce4d0c |
|
VISUAL
aHash
|
ffff103010383030 |
|
VISUAL
dHash
|
0034726272626262 |
|
VISUAL
wHash
|
ffff303038383838 |
|
VISUAL
colorHash
|
031c0000000 |
|
VISUAL
cropResistant
|
0034726272626262 |
Análisis de Código
Risk Score
85/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Yahoo
• Método: Recopilación de credenciales a través de un formulario de inicio de sesión falso
• Exfil: http://free.mailjol.net/allforms.php
• Indicadores: Dominio, Obfuscación, envío de formulario JavaScript.
• Riesgo: Alto
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- eval
- fromCharCode
- unescape
- document.write
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- http://us.rd.yahoo.com/reg/login0/signup_lhs/us/ph/*https://edit.yahoo.com/config/eval_register?.intl=us&new=1&.done=http%3a//photos.yahoo.com/ph//my_photos&.src=ph&.v=0&.u=7flc8u916oq6u&partner=&.p=&promo=&.last=
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=email
- https://www.blogger.com/followers/frame/478254526604074400?colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByNjYzMzMDAqByM2NmJiMzMyByMzMzY2MDA6ByMzMzMzMzNCByNjYzMzMDBKByM3Nzc3NzdSByNjYzMzMDBaC3RyYW5zcGFyZW50&pageSize=21&hl=en&origin=http://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=I0_1771073079632&_gfid=I0_1771073079632&parent=http%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=57423053
- https://www.blogger.com
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=blog
- https://www.blogger.com/dyn-css/authorization.css?targetBlogID=478254526604074400&zx=bec942cc-9a17-4167-9d05-070fb5fccf8b
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=facebook
- https://www.blogger.com/profile/10794590599370150709
- http://yahoo302.blogspot.com/2010/07/yahoo.html
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=twitter
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=6897557750077868125&from=pencil
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=facebook
- http://us.rd.yahoo.com/reg/sihflib/*https://login.yahoo.com/config/login?.src=ph&.intl=us&.help=1&.v=0&.u=7flc8u916oq6u&.last=&.last=&promo=&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=pinterest
- http://yahoo302.blogspot.com/2010/07/yahoo_31.html#comment-form
- http://yahoo302.blogspot.com/2010/07/
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=email
- https://www.blogger.com/feeds/478254526604074400/posts/default
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=7270152012916715041&from=pencil
- http://yahoo302.blogspot.com/feeds/posts/default?alt=rss
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=pinterest
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=twitter
- https://www.blogger.com/navbar/478254526604074400?origin=http://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=navbar-iframe&_gfid=navbar-iframe&parent=http%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=23364147
- http://yahoo302.blogspot.com/2010/07/yahoo.html#comment-form
- http://yahoo302.blogspot.com/feeds/posts/default
- http://login.yahoo.com/config/login?.src=ph&.v=0&.u=7flc8u916oq6u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- http://yahoo302.blogspot.com/2010/
- http://yahoo302.blogspot.com/2010/07/yahoo_31.html
- http://www.blogger.com/java%20script:PBopenWindow%28%29
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=blog
- http://yahoo302.blogspot.com/
📡 API Calls Detected
- http://us.ard.yahoo.com/SIG=12fo28js7/M=294867.5495648.6574428.4664665/D=regst/S=150000869:PB/Y=YAHOO/EXP=1114408190/A=2167824/R=0/SIG=10tt88gbl/*http://poweredby.hpidea.com
- post
📤 Form Action Targets
- http://free.mailjol.net/allforms.php
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Reputation
Blogspot domain is often abused.
Obfuscation
Presence of obfuscated JavaScript code.
Form Action
Form submitting data to an external and suspicious domain
Design/Visual Clues
The design does not resemble the targeted brand at all.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
Yahoo users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 69 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Yahoo
Official Website
yahoo.com
Fake Service
Yahoo login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The site attempts to steal Yahoo user credentials by displaying what *appears* to be a Yahoo login form. Users enter their credentials, which are then sent to a malicious server.
Secondary Method: JavaScript Obfuscation
The website employs Javascript obfuscation to conceal the phishing activities from detection.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
yahoo302.blogspot.com
Registered
None
Registrar
None
Status
None
🔬 JavaScript Deep Analysis
Total Code Size
2,3 KB
🔐 Obfuscation Detected
- : None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for yahoo302.blogspot.com
Found 2 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.