EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of www.paypal-logiin.blogspot.com

Informações de Detecção

https://www.paypal-logiin.blogspot.com/
Detected Brand
PayPal
Country
International
Confiança
100%
HTTP Status
200
Report ID
ac4dc98a-7ab…
Analyzed
2026-02-10 12:44
Final URL (after redirects)
https://paypal-logiin.blogspot.com/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1BC521372A055AA3B1363C6E8A3B2E74BF7418185CDD2014AD5F9E35C2FE3DB2DC1A215
CONTENT ssdeep
96:GCKxsPOlHUnoGyPs44mGjZzmv8K4yYeyCqkE8iyMK8wGgjdekdWuhMOaVirtBF8v:GCinFbOLN1wtBnb9McUqacps5cTBrha

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
de5e6961615c5e84
VISUAL aHash
80809c9cffffffff
VISUAL dHash
3b3c34300b202024
VISUAL wHash
80809c9cffe3c0c0
VISUAL colorHash
070020001c0
VISUAL cropResistant
3b3c34300b202024

Análise de Código

Risk Score 74/100
Nível de Ameaça MEDIO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing por impersonificação
• Alvo: Usuários do PayPal
• Método: Conteúdo hospedado em um blog que finge ajudar, tentando enganar as pessoas
• Exfil: Não aplicável neste caso, mas potencialmente um formulário ou um link. A exfiltração pode redirecionar para um formulário
• Indicadores: URL incorreta, hospedagem no blogspot, discussão de conteúdo dos serviços e login do PayPal
• Risco: Moderado

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • eval
  • hex_escape
  • unicode_escape

🎯 Kit Endpoints

  • https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=email
  • https://www.blogger.com
  • https://www.blogger.com/feeds/4489207327022737830/posts/default
  • https://paypal-logiin.blogspot.com/feeds/posts/default
  • https://paypal-logiin.blogspot.com/
  • https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html#comments
  • https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=
  • /responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp
  • https://paypal-logiin.blogspot.com/feeds/posts/default?alt=rss
  • https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=twitter
  • https://www.blogger.com/profile/01992965054440234456
  • https://paypal-logiin.blogspot.com/search
  • https://www.blogger.com/go/report-abuse
  • https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=pinterest
  • https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html
  • https://paypal-logiin.blogspot.com/2021/02/
  • https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=facebook

📡 API Calls Detected

  • GET
  • post

📤 Form Action Targets

  • https://paypal-logiin.blogspot.com/search

📊 Detalhamento da Pontuação de Risco

Total Risk Score
85/100

Contributing Factors

Domain Impersonation
The domain contains the brand name, but is on an untrusted domain and looks different.
Free Hosting
Hosting on blogspot.com is a common phishing indicator.
Content
Content is generic and lacks credibility.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Credential Harvesting Kit
Alvo
PayPal users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Personal Info
  • 36 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
PayPal
Official Website
https://www.paypal.com
Fake Service
PayPal Customer Service/Login/general support

⚔️ Metodologia de Ataque

Primary Method: Impersonation Phishing

The attacker creates a website that mimics the brand (PayPal in this case) to trick the user. This is done through a fake URL and content. The goal is to obtain login credentials or other sensitive information.

Secondary Method: Social Engineering

Using content to lure the victim, in this case, by appearing to give help.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
paypal-logiin.blogspot.com
Registered
None
Registrar
None
Estado
Inactive

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
139,9 KB

🔗 API Endpoints Detected

Other
1

🔐 Obfuscation Detected

  • : Light

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Coinbase
https://www.coinbaselogind.blogspot.com/
Fev 06, 2026
 Screenshot
PayPal
https://paypal-logiin.blogspot.com/?m=1/
Jan 22, 2026

Scan History for www.paypal-logiin.blogspot.com

Found 1 other scan for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.