
Visual Capture

No screenshot available

Detection Information

https://s.yam.com/ZSO1S
Detected Brand
Yam
Country
International
Confidence
100%
HTTP Status
200
Report ID
ec50686c-141…
Analyzed
2026-01-27 23:58

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T18361E7B7E98446B27B53C1F0EAD9480C9702C9CDC7A311D2C9D4026E57A4DB7DC4A16C
CONTENT ssdeep
48:nY5bAVVd6jPJYoD/k6jPBrRV9FP1A2AFP5fJtWtFPMBiw9tKBTtw9t7Bsw9tKB7L:n909TBn9YLfqttw7qtw7qw7xqVB

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9999666666669999
VISUAL aHash
0018181818180000
VISUAL dHash
00b2b2b030301000
VISUAL wHash
183c3c3c3c3c3c00
VISUAL colorHash
38000000c00
VISUAL cropResistant
cc0a4848484fcee0,00b2b2b030301000

Code Analysis

Risk Score 100/100
Threat Level LOW
🎣 Credential Harvester 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Possible redirection to a potentially malicious link.
• Target: Users of the Yam Share service
• Method: Automatic redirection after a countdown.
• Exfil: No direct exfiltration detected, but potential redirection to a malicious site.
• Indicators: Link-shortener domain with automatic redirection. The destination domain appears suspicious.
• Risk: LOW - Redirection to a possibly unsafe location.

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • https://www.google.com/ccm/geo
  • POST

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and Personal Info kit types with real-time form interception capabilities.
High Obfuscation
100 obfuscation techniques detected, indicating deliberate evasion of static analysis and manual inspection.
Brand Impersonation
Impersonates Yam, a legitimate service, to deceive users into submitting sensitive information.
Suspicious JavaScript Files
Presence of dynamic_widget_v1.js (0.19 MB) with no clear legitimate purpose and potential for malicious payload delivery.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Yam users (International)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Banking, Personal Info
  • 100 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Yam
Official Website
https://www.yam.com
Fake Service
Unknown (no specific service or claims detected)

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit employs form fields to capture user credentials in real-time. Submitted data is likely exfiltrated to a remote server controlled by the attacker, enabling account takeover or identity theft.

Secondary Method: Personal Information Theft

Additional forms may be designed to harvest personally identifiable information (PII) such as names, addresses, or phone numbers, which can be used for further social engineering or sold on dark web marketplaces.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
s.yam.com
Registered
1996-02-14 05:00:00+00:00
Registrar
Network Solutions, LLC
Status
Active (10940 days old)

🦠 Malicious Files

Main File
File Size

Highly obfuscated JavaScript file with potential for credential harvesting or malicious payload delivery.

📊 Attack Flow Diagram

┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING LURE                          │
│    - Fake email/SMS impersonating Yam Banking            │
│    - Contains link to fraudulent login page              │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM VISITS FAKE YAM SITE                            │
│    - Loads spoofed Banking portal                        │
│    - Displays convincing login interface                 │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL SUBMISSION                                 │
│    - Victim enters Banking credentials                   │
│    - Form captures input data                            │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION                                     │
│    - Credentials sent via HTTP POST                      │
│    - Standard form submission to attacker server         │
└──────────────────────────────────────────────────────────┘

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
197.3 KB

🔗 API Endpoints Detected

Other
11

🔐 Obfuscation Detected

  • : None
  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
