SafeMode - Analysis: www.lemsunspares.com

Captura Visual

Información de Detección

http://www.lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes/login.php

Detected Brand

Chase

Country

USA

Confianza

96%

HTTP Status

200

Report ID

75ed1330-d5d…

Analyzed

2026-01-31 18:22

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1E611AF110005ECB6C561F5B0D39599011696C720CB9B180097FCD7BD3AF5C99CE875B9
CONTENT ssdeep	12:nwMy7F8L1PZLEIzicYuPKH833YPKHPf35cElBmPKHm433XjGuuRStGuaHWgTK5VO:n/CcVZLvzFJvxcElBpZoS723F/N

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	888c6e7367267ab1
VISUAL aHash	10391c3e7c581c01
VISUAL dHash	e57330f0d1b9e8b1
VISUAL wHash	103d3f3e7c783c41
VISUAL colorHash	06c00000040
VISUAL cropResistant	637370f491b1e8b1,999323ab2bf868e8,8ebc94d9786689d0,e57330f0d1b9e8b1,c3c3e56522f153ca

Análisis de Código

Risk Score 81/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

Telegram Exfiltration

🔬 Threat Analysis Report

• Amenaza: Phishing de credenciales
• Objetivo: Clientes de Chase
• Método: Imitación de la página de inicio de sesión de Chase.
• Exfil: Bot de Telegram
• Indicadores: Desajuste de dominio, Formulario que solicita nombre de usuario, contraseña, número de teléfono.
• Riesgo: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

fromCharCode
unicode_escape

📤 Form Action Targets

post.php

🔑 Telegram Bot Tokens (1)

7489476150:AAGW...uVlQBTec

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain does not match the brand being impersonated.

Credential Harvesting Form

The site contains a form requesting sensitive user credentials.

Javascript Obfuscation

Javascript obfuscation used to hide malicious code

Telegram Token Detected

Telegram token is a sign that information will be sent to the attackers.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Harvesting Kit

Objetivo

Chase users (USA)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester
84 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Chase

Official Website

null

Fake Service

Chase Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker has set up a website that mimics the Chase login page. The user is tricked into entering their login credentials and phone number into the fake form. This is used by the attacker to gain access to the user's account.