EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of lemsunspares.com

Detection Info

http://lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes
Detected Brand
Chase
Country
USA
Confidence
96%
HTTP Status
200
Report ID
c64f295f-73fโ€ฆ
Analyzed
2026-01-31 18:23
Final URL (after redirects)
http://www.lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes/login.php

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1E611AF110005ECB6C561F5B0D39599011696C720CB9B180097FCD7BD3AF5C99CE875B9
CONTENT ssdeep
12:nwMy7F8L1PZLEIzicYuPKH833YPKHPf35cElBmPKHm433XjGuuRStGuaHWgTK5VO:n/CcVZLvzFJvxcElBpZoS723F/N

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
888c6e7367267ab1
VISUAL aHash
10391c3e7c581c01
VISUAL dHash
e57330f0d1b9e8b1
VISUAL wHash
103d3f3e7c783c41
VISUAL colorHash
06c00000040
VISUAL cropResistant
637370f491b1e8b1,999323ab2bf868e8,8ebc94d9786689d0,e57330f0d1b9e8b1,c3c3e56522f153ca

Code Analysis

Risk Score 81/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester
Telegram Exfiltration

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Phishing
โ€ข Target: Chase customers
โ€ข Method: Impersonation through a fake login form
โ€ข Exfil: post.php, Telegram bot (potentially)
โ€ข Indicators: Mismatched domain, form requesting credentials.
โ€ข Risk: HIGH

๐Ÿ” Credential Harvesting Forms

๐Ÿ”’ Obfuscation Detected

  • fromCharCode
  • unicode_escape

๐Ÿ“ค Form Action Targets

  • post.php

๐Ÿ”‘ Telegram Bot Tokens (1)

  • 7489476150:AAGW...uVlQBTec

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain does not belong to the target brand.
Form with sensitive fields
The form asks for username, password, and phone number.
Obfuscation Detected
Code Obfuscation.
Exfiltration Target Detected
Telegram token detected.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
Chase users (USA)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend

โš ๏ธ Indicators of Compromise

  • 1 Telegram bot token(s)
  • Kit types: Credential Harvester
  • 28 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
Chase
Official Website
https://www.chase.com/
Fake Service
Chase Online Banking

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The attacker is using a fake login form to collect user credentials.

Secondary Method: Potential use of a Telegram bot for exfiltration of stolen credentials.

Stolen credentials might be sent to a Telegram bot for easy access by the attacker.

๐Ÿ“ก Telegram Command & Control Infrastructure

Bot Token (Masked)
7489476150:AAGW...uVlQBTec
Bot ID
7489476150
Group/Chat ID
Unknown
Operator Language
Unknown

๐Ÿ’ฌ Message Templates (3)

ID Portuguese English Trigger

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
lemsunspares.com
Registered
2022-07-19
Registrar
Unknown
Status
Active

๐Ÿค– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Chase
http://www.lemsunspares.com/wp-content/plugins/modern-admin/...
Jan 31, 2026
No screenshot
Unknown
https://www.lemsunspares.com/wp-content/plugins/modern-admin...
Jan 06, 2026
 Screenshot
Chase
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Jan 01, 2026
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dec 24, 2025
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dec 24, 2025

Scan History for lemsunspares.com

Found 10 other scans for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.