Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://www.paypal-logiin.blogspot.com/
Detected Brand
PayPal
Country
International
Confianza
100%
HTTP Status
200
Report ID
ac4dc98a-7ab…
Analyzed
2026-02-10 12:44
Final URL (after redirects)
https://paypal-logiin.blogspot.com/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BC521372A055AA3B1363C6E8A3B2E74BF7418185CDD2014AD5F9E35C2FE3DB2DC1A215 |
|
CONTENT
ssdeep
|
96:GCKxsPOlHUnoGyPs44mGjZzmv8K4yYeyCqkE8iyMK8wGgjdekdWuhMOaVirtBF8v:GCinFbOLN1wtBnb9McUqacps5cTBrha |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
de5e6961615c5e84 |
|
VISUAL
aHash
|
80809c9cffffffff |
|
VISUAL
dHash
|
3b3c34300b202024 |
|
VISUAL
wHash
|
80809c9cffe3c0c0 |
|
VISUAL
colorHash
|
070020001c0 |
|
VISUAL
cropResistant
|
3b3c34300b202024 |
Análisis de Código
Risk Score
74/100
Nivel de Amenaza
MEDIO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing por suplantación
• Objetivo: Usuarios de PayPal
• Método: Contenido alojado en un blog que pretende ayudar, intentando engañar a la gente
• Exfil: No aplicable en este caso, pero potencialmente un formulario o un enlace. La exfiltración podría redirigir a un formulario
• Indicadores: URL incorrecta, alojamiento en blogspot, discusión del contenido de los servicios y el inicio de sesión de PayPal
• Riesgo: Moderado
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- eval
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=email
- https://www.blogger.com
- https://www.blogger.com/feeds/4489207327022737830/posts/default
- https://paypal-logiin.blogspot.com/feeds/posts/default
- https://paypal-logiin.blogspot.com/
- https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html#comments
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=
- /responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp
- https://paypal-logiin.blogspot.com/feeds/posts/default?alt=rss
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=twitter
- https://www.blogger.com/profile/01992965054440234456
- https://paypal-logiin.blogspot.com/search
- https://www.blogger.com/go/report-abuse
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=pinterest
- https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html
- https://paypal-logiin.blogspot.com/2021/02/
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=facebook
📡 API Calls Detected
- GET
- post
📤 Form Action Targets
- https://paypal-logiin.blogspot.com/search
📊 Desglose de Puntuación de Riesgo
Total Risk Score
85/100
Contributing Factors
Domain Impersonation
The domain contains the brand name, but is on an untrusted domain and looks different.
Free Hosting
Hosting on blogspot.com is a common phishing indicator.
Content
Content is generic and lacks credibility.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
PayPal users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
HIGH - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 36 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
PayPal
Official Website
https://www.paypal.com
Fake Service
PayPal Customer Service/Login/general support
⚔️ Metodología de Ataque
Primary Method: Impersonation Phishing
The attacker creates a website that mimics the brand (PayPal in this case) to trick the user. This is done through a fake URL and content. The goal is to obtain login credentials or other sensitive information.
Secondary Method: Social Engineering
Using content to lure the victim, in this case, by appearing to give help.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
paypal-logiin.blogspot.com
Registered
None
Registrar
None
Estado
Inactive
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
139,9 KB
🔗 API Endpoints Detected
Other
1
🔐 Obfuscation Detected
- : Light
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for www.paypal-logiin.blogspot.com
Found 1 other scan for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.