Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://www.yahoo302.blogspot.com/
Detected Brand
Yahoo
Country
International
Confidence
100%
HTTP Status
200
Report ID
55940301-8b5…
Analyzed
2026-02-14 11:48
Final URL (after redirects)
https://yahoo302.blogspot.com/
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D52372F19240A9AF856182DED3737FC8D7C2508AEB928C85E9A4D71D09C9C93DD172BC |
|
CONTENT
ssdeep
|
768:t7HZ6DfXJnFV2RBa45V7G1umloQxBgCRz:trZCfARhG1umlo+z |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdb0b2b3c5ce4d0c |
|
VISUAL
aHash
|
ffff103010383030 |
|
VISUAL
dHash
|
0034726272626262 |
|
VISUAL
wHash
|
ffff303038383838 |
|
VISUAL
colorHash
|
031c0000000 |
|
VISUAL
cropResistant
|
0034726272626262 |
Análise de Código
Risk Score
85/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Usuários do Yahoo
• Método: Blog malicioso com formulário.
• Exfil: http://free.mailjol.net/allforms.php
• Indicadores: Domínio incomum, código ofuscado, envio de formulário JavaScript, ação de formulário suspeita.
• Risco: Alto
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- eval
- fromCharCode
- unescape
- document.write
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- http://us.rd.yahoo.com/reg/sihflib/*https://login.yahoo.com/config/login?.src=ph&.intl=us&.help=1&.v=0&.u=7flc8u916oq6u&.last=&.last=&promo=&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=pinterest
- https://www.blogger.com/feeds/478254526604074400/posts/default
- https://www.blogger.com/profile/10794590599370150709
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=facebook
- https://yahoo302.blogspot.com/feeds/posts/default
- https://yahoo302.blogspot.com/2010/07/
- https://yahoo302.blogspot.com/2010/07/yahoo_31.html#comment-form
- https://yahoo302.blogspot.com/2010/07/yahoo_31.html
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=7270152012916715041&from=pencil
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=twitter
- https://yahoo302.blogspot.com/feeds/posts/default?alt=rss
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=twitter
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=email
- https://yahoo302.blogspot.com/2010/
- https://www.blogger.com/post-edit.g?blogID=478254526604074400&postID=6897557750077868125&from=pencil
- https://www.blogger.com
- https://www.blogger.com/dyn-css/authorization.css?targetBlogID=478254526604074400&zx=bec942cc-9a17-4167-9d05-070fb5fccf8b
- https://yahoo302.blogspot.com/
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=6897557750077868125&target=blog
- http://yahoo302.blogspot.com/
- https://www.blogger.com/followers/frame/478254526604074400?colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByNjYzMzMDAqByM2NmJiMzMyByMzMzY2MDA6ByMzMzMzMzNCByNjYzMzMDBKByM3Nzc3NzdSByNjYzMzMDBaC3RyYW5zcGFyZW50&pageSize=21&hl=en&origin=https://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=I0_1771072975920&_gfid=I0_1771072975920&parent=https%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=97873342
- http://login.yahoo.com/config/login?.src=ph&.v=0&.u=7flc8u916oq6u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=http%3a//photos.yahoo.com/ph//my_photos
- https://yahoo302.blogspot.com/2010/07/yahoo.html#comment-form
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=email
- //www.blogger.com/java%20script:PBopenWindow%28%29
- https://yahoo302.blogspot.com/2010/07/yahoo.html
- https://www.blogger.com/navbar/478254526604074400?origin=https://yahoo302.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.2kN9-TZiXrM.O%2Fd%3D1%2Frs%3DAHpOoo_B4hu0FeWRuWHfxnZ3V0WubwN7Qw%2Fm%3D__features__#id=navbar-iframe&_gfid=navbar-iframe&parent=https%3A%2F%2Fyahoo302.blogspot.com&pfname=&rpctoken=41918529
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=blog
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=facebook
- http://us.rd.yahoo.com/reg/login0/signup_lhs/us/ph/*https://edit.yahoo.com/config/eval_register?.intl=us&new=1&.done=http%3a//photos.yahoo.com/ph//my_photos&.src=ph&.v=0&.u=7flc8u916oq6u&partner=&.p=&promo=&.last=
- https://www.blogger.com/share-post.g?blogID=478254526604074400&postID=7270152012916715041&target=pinterest
📡 API Calls Detected
- post
- http://us.ard.yahoo.com/SIG=12fo28js7/M=294867.5495648.6574428.4664665/D=regst/S=150000869:PB/Y=YAHOO/EXP=1114408190/A=2167824/R=0/SIG=10tt88gbl/*http://poweredby.hpidea.com
📤 Form Action Targets
- http://free.mailjol.net/allforms.php
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Domain is Blogspot
Blogspot domains are often used for phishing campaigns due to their free hosting capabilities.
Form Action
Form actions submitting data to a suspicious domain.
Obfuscation
Obfuscated code.
JavaScript form submission
JavaScript used for form handling, which is common in phishing attacks.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Two-Factor Authentication Stealer
Alvo
Yahoo users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 69 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Yahoo
Official Website
yahoo.com
Fake Service
Yahoo login
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The website presents a login form designed to mimic Yahoo's login page. When a user enters their credentials, the form submits the information to a remote server controlled by the attackers.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domain
www.yahoo302.blogspot.com
Registered
None
Registrar
None
Status
None
🔬 JavaScript Deep Analysis
Total Code Size
2,3 KB
🔐 Obfuscation Detected
- : None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for www.yahoo302.blogspot.com
Found 1 other scan for this domain
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.