Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://s.yam.com/UDc8r
Detected Brand
Yam Share
Country
International
Confianza
100%
HTTP Status
200
Report ID
d9cc28c3-391…
Analyzed
2026-03-02 06:38
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FB61D8B7E89406767B53C2F1EAC958089702DECDC6A312D2CDD4036E56A4EB7DC4616C |
|
CONTENT
ssdeep
|
48:TY5bAVVd6jPJYoD/k6jPBrRV9FP1A2AFP5fJtWtFPMBiw9tKBTtw9t7Bsw9tKB7f:T909TBn9YLfqttw7qtw7qw71qVB |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9998666766669999 |
|
VISUAL
aHash
|
0018181818180000 |
|
VISUAL
dHash
|
00b2b2b030301000 |
|
VISUAL
wHash
|
183c3c3c3c3c3c00 |
|
VISUAL
colorHash
|
38000000c00 |
|
VISUAL
cropResistant
|
cc884868484fcee0,00b2b2b030301000 |
Análisis de Código
Risk Score
100/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Yam Share
• Método: Redirección a un sitio malicioso.
• Exfil: La ofuscación de JavaScript puede usarse con fines maliciosos.
• Indicadores: Alojamiento gratuito, redirección de JavaScript, ofuscación.
• Riesgo: ALTO
🔒 Obfuscation Detected
- atob
- fromCharCode
- unicode_escape
- base64_strings
📡 API Calls Detected
- https://www.google.com/ccm/geo
- POST
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Free Hosting
The website uses a free hosting service (glitch.me), a common tactic used by phishers.
JavaScript Redirection
The page redirects the user to another URL, likely to a phishing or malicious site. The JavaScript obfuscation increases the risk.
Domain Age
Domain has a long history, but its current usage is suspicious.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Yam Share users (International)
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Banking, Personal Info
- 47 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Yam Share
Fake Service
Unknown
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The site uses a redirect to a malicious site that is likely a credential harvesting attempt. The obfuscated Javascript is used to make the redirect harder to detect. The site uses a logo of Yam Share to increase trust.
Secondary Method: Malware distribution
The destination page could try to distribute malware. The Javascript obfuscation may be used to load malicious code.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
s.yam.com
Registered
1996-02-14 05:00:00+00:00
Registrar
None
Estado
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for s.yam.com
Found 10 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.