# am.ugfatm.shop — MALICIOUS

> am.ugfatm.shop is an active phishing site posing serious risks. Stay alert and avoid interaction. Check your security now with PhishDestroy.

## Summary
PhishDestroy identifies am.ugfatm.shop as a high-risk phishing domain actively targeting unsuspecting users. This malicious site attempts to deceive individuals by mimicking legitimate platforms or services, aiming to steal sensitive information such as login credentials, personal data, or financial details. Engaging with this domain can lead to identity theft, financial loss, and unauthorized access to personal accounts.

The phishing technique employed by am.ugfatm.shop involves creating a convincing fake website that entices victims to enter confidential information. The domain resolves to IP 104.21.30.162 and is flagged by 18 out of 95 security vendors on VirusTotal, highlighting its malicious nature. Such phishing campaigns often arrive via phishing emails, social media messages, or deceptive advertisements, tricking users into believing the site is trustworthy.

If you have visited am.ugfatm.shop, it is crucial to immediately cease any interaction with the site. Users should scan their devices with updated security software and change passwords associated with any accounts potentially compromised. Monitoring financial statements for suspicious activity and reporting the incident to relevant authorities or IT security teams is also advised. Staying informed and cautious remains the best defense against these evolving phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: AMAZON

## Domain Intelligence
- Registrar: Dynadot Inc.
- IP: 104.21.30.162
- Nameservers: ["jasper.ns.cloudflare.com", "walk.ns.cloudflare.com"]

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "OpenPhish", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://i.ibb.co/3mr5FHj3/2a309a8c79ee.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e5c2c18e-014c-47f8-bb45-1046da039e80
- PhishDestroy: https://phishdestroy.io/domain/am.ugfatm.shop/
- LLM endpoint: https://phishdestroy.io/domain/am.ugfatm.shop/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/am.ugfatm.shop/
Last updated: 2026-03-19