EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of s.yam.com

Informações de Detecção

https://s.yam.com/jQLTw
Detected Brand
Yam Share (likely)
Country
International
Confiança
100%
HTTP Status
200
Report ID
1381a1df-408…
Analyzed
2026-03-02 06:38

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T10B71EAB7E9940676BF53C1F1DEC5580C96029ECDD6A311D2CDD4026E5AA0EB2DC4A0AC
CONTENT ssdeep
48:TY5bAVVd6jPJYoD/k6jPBrRV9FP1A2AFP5fJtWtFPMBiw9tKBTtw9t7Bsw9tKB73:T909TBn9YLfqttw7qtw7qw7FqVB

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9998666766669999
VISUAL aHash
0018181818180000
VISUAL dHash
00b2b2b030301000
VISUAL wHash
183c3c3c3c3c3c00
VISUAL colorHash
38008000c00
VISUAL cropResistant
ccc84868684fcee0,00b2b2b030301000

Análise de Código

Risk Score 100/100
Nível de Ameaça ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Desconhecido
• Método: Redirecionamento
• Exfil: Desconhecido, provavelmente para outro site.
• Indicadores: URL do IPFS, contagem regressiva e ofuscação.
• Risco: ALTO

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • https://www.google.com/ccm/geo
  • POST

📊 Detalhamento da Pontuação de Risco

Total Risk Score
90/100

Contributing Factors

Suspicious URL/Redirect
URL is an IPFS address, indicating an attempt to obfuscate the final destination
Obfuscation
Obfuscation is often used to hide malicious code.
Countdown
Countdown timer create urgency and pressure to click on the button, which is suspicious.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
Yam Share (likely) users (International)
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Banking, Personal Info
  • 47 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Yam Share

⚔️ Metodologia de Ataque

Primary Method: Redirect Attack

The website uses a shortened URL to redirect the user to a potentially malicious IPFS-hosted resource.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
s.yam.com
Registered
1996-02-14
Registrar
Unknown
Estado
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Yam (蕃薯藤)
https://s.yam.com/YkEGu
Abr 10, 2026
 Screenshot
Yam Share
https://s.yam.com/UDc8r
Mar 02, 2026
 Screenshot
yam Share
https://s.yam.com/C7C0J
Mar 02, 2026

Scan History for s.yam.com

Found 10 other scans for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.