Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
http://lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes
Detected Brand
Chase
Country
USA
Confianza
96%
HTTP Status
200
Report ID
c64f295f-73f…
Analyzed
2026-01-31 18:23
Final URL (after redirects)
http://www.lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes/login.php
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E611AF110005ECB6C561F5B0D39599011696C720CB9B180097FCD7BD3AF5C99CE875B9 |
|
CONTENT
ssdeep
|
12:nwMy7F8L1PZLEIzicYuPKH833YPKHPf35cElBmPKHm433XjGuuRStGuaHWgTK5VO:n/CcVZLvzFJvxcElBpZoS723F/N |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
888c6e7367267ab1 |
|
VISUAL
aHash
|
10391c3e7c581c01 |
|
VISUAL
dHash
|
e57330f0d1b9e8b1 |
|
VISUAL
wHash
|
103d3f3e7c783c41 |
|
VISUAL
colorHash
|
06c00000040 |
|
VISUAL
cropResistant
|
637370f491b1e8b1,999323ab2bf868e8,8ebc94d9786689d0,e57330f0d1b9e8b1,c3c3e56522f153ca |
Análisis de Código
Risk Score
81/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
Telegram Exfiltration
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Clientes de Chase
• Método: Suplantación de identidad a través de un formulario de inicio de sesión falso
• Exfil: post.php, Bot de Telegram (potencialmente)
• Indicadores: Dominio no coincidente, formulario que solicita credenciales.
• Riesgo: ALTO
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- fromCharCode
- unicode_escape
📤 Form Action Targets
- post.php
🔑 Telegram Bot Tokens (1)
- 7489476150:AAGW...uVlQBTec
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain does not belong to the target brand.
Form with sensitive fields
The form asks for username, password, and phone number.
Obfuscation Detected
Code Obfuscation.
Exfiltration Target Detected
Telegram token detected.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
Chase users (USA)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend
⚠️ Indicators of Compromise
- 1 Telegram bot token(s)
- Kit types: Credential Harvester
- 28 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Chase
Official Website
https://www.chase.com/
Fake Service
Chase Online Banking
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker is using a fake login form to collect user credentials.
Secondary Method: Potential use of a Telegram bot for exfiltration of stolen credentials.
Stolen credentials might be sent to a Telegram bot for easy access by the attacker.
📡 Infraestructura de Comando y Control Telegram
Bot Token (Masked)
7489476150:AAGW...uVlQBTec
Bot ID
7489476150
Group/Chat ID
Unknown
Operator Language
Unknown
💬 Message Templates (3)
| ID | Portugués | Inglés | Trigger |
|---|---|---|---|
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
lemsunspares.com
Registered
2022-07-19
Registrar
Unknown
Estado
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Chase
http://www.lemsunspares.com/wp-content/plugins/modern-admin/...
Ene 31, 2026
No screenshot
Unknown
https://www.lemsunspares.com/wp-content/plugins/modern-admin...
Ene 06, 2026
Chase
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Ene 01, 2026
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dic 24, 2025
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dic 24, 2025
Scan History for lemsunspares.com
Found 10 other scans for this domain
-
https://www.lemsunspares.com/wp-content/plugins/mo...
http://lemsunspares.com/wp-content/plugins/modern-...
http://lemsunspares.com/wp-content/plugins/modern-...
https://lemsunspares.com/wp-content/plugins/modern...
http://www.lemsunspares.com/wp-content/plugins/mod...
https://www.lemsunspares.com/wp-content/plugins/mo...
https://www.lemsunspares.com/wp-content/plugins/mo...
https://www.lemsunspares.com/wp-content/plugins/mo...
http://lemsunspares.com/wp-content/plugins/modern-...
https://lemsunspares.com/wp-content/plugins/modern...
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.