
Visual Capture

No screenshot available

Detection Information

https://s.yam.com/ZSO1S
Detected Brand
Yam
Country
International
Confidence
100%
HTTP Status
200
Report ID
ec50686c-141…
Analyzed
2026-01-27 23:58

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm: Hash Value
CONTENT TLSH: T18361E7B7E98446B27B53C1F0EAD9480C9702C9CDC7A311D2C9D4026E57A4DB7DC4A16C
CONTENT ssdeep: 48:nY5bAVVd6jPJYoD/k6jPBrRV9FP1A2AFP5fJtWtFPMBiw9tKBTtw9t7Bsw9tKB7L:n909TBn9YLfqttw7qtw7qw7xqVB

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm: Hash Value
VISUAL pHash: 9999666666669999
VISUAL aHash: 0018181818180000
VISUAL dHash: 00b2b2b030301000
VISUAL wHash: 183c3c3c3c3c3c00
VISUAL colorHash: 38000000c00
VISUAL cropResistant: cc0a4848484fcee0,00b2b2b030301000

Code Analysis

Risk Score 100/100
Threat Level LOW
🎣 Credential Harvester 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Possible redirection to a potentially malicious link.
• Target: Users of the Yam Share service
• Method: Automatic redirection after a countdown
• Exfil: No direct exfiltration detected, but possible redirection to a malicious site.
• Indicators: Link-shortener domain with automatic redirection. The destination domain appears suspicious.
• Risk: LOW - Redirection to a possibly unsafe location.

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • https://www.google.com/ccm/geo
  • POST

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and Personal Info kit types with real-time form interception capabilities.
High Obfuscation
100 obfuscation techniques detected, indicating deliberate evasion of static analysis and manual inspection.
Brand Impersonation
Impersonates Yam, a legitimate service, to deceive users into submitting sensitive information.
Suspicious JavaScript Files
Presence of dynamic_widget_v1.js (0.19 MB) with no clear legitimate purpose and potential for malicious payload delivery.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Yam users (International)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Banking, Personal Info
  • 100 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Yam
Official Website
https://www.yam.com
Fake Service
Unknown (no specific service or claims detected)

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit employs form fields to capture user credentials in real-time. Submitted data is likely exfiltrated to a remote server controlled by the attacker, enabling account takeover or identity theft.

Secondary Method: Personal Information Theft

Additional forms may be designed to harvest personally identifiable information (PII) such as names, addresses, or phone numbers, which can be used for further social engineering or sold on dark web marketplaces.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
s.yam.com
Registered
1996-02-14 05:00:00+00:00
Registrar
Network Solutions, LLC
Status
Active (10940 days old)

🦠 Malicious Files

Main File
File Size

Highly obfuscated JavaScript file with potential for credential harvesting or malicious payload delivery.

📊 Attack Flow Diagram

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING LURE                         │
│    - Fake email/SMS impersonating Yam Banking            │
│    - Contains link to fraudulent login page              │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM VISITS FAKE YAM SITE                           │
│    - Loads spoofed Banking portal                        │
│    - Displays convincing login interface                 │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL SUBMISSION                                 │
│    - Victim enters Banking credentials                   │
│    - Form captures input data                            │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION                                     │
│    - Credentials sent via HTTP POST                      │
│    - Standard form submission to attacker server         │
└──────────────────────────────────────────────────────────┘

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
197.3 KB

🔗 API Endpoints Detected

Other
11

🔐 Obfuscation Detected

  • : None
  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
