EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of www.lemsunspares.com

Informações de Detecção

http://www.lemsunspares.com/wp-content/plugins/modern-admin/sixmonthes/login.php
Detected Brand
Chase
Country
USA
Confiança
96%
HTTP Status
200
Report ID
75ed1330-d5d…
Analyzed
2026-01-31 18:22

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1E611AF110005ECB6C561F5B0D39599011696C720CB9B180097FCD7BD3AF5C99CE875B9
CONTENT ssdeep
12:nwMy7F8L1PZLEIzicYuPKH833YPKHPf35cElBmPKHm433XjGuuRStGuaHWgTK5VO:n/CcVZLvzFJvxcElBpZoS723F/N

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
888c6e7367267ab1
VISUAL aHash
10391c3e7c581c01
VISUAL dHash
e57330f0d1b9e8b1
VISUAL wHash
103d3f3e7c783c41
VISUAL colorHash
06c00000040
VISUAL cropResistant
637370f491b1e8b1,999323ab2bf868e8,8ebc94d9786689d0,e57330f0d1b9e8b1,c3c3e56522f153ca

Análise de Código

Risk Score 81/100
Nível de Ameaça ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing de credenciais
• Alvo: Clientes Chase
• Método: Imitação da página de login da Chase.
• Exfil: Bot Telegram
• Indicadores: Incompatibilidade de domínio, Formulário pedindo nome de usuário, senha, número de telefone.
• Risco: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • unicode_escape

📤 Form Action Targets

  • post.php

🔑 Telegram Bot Tokens (1)

  • 7489476150:AAGW...uVlQBTec

📊 Detalhamento da Pontuação de Risco

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain does not match the brand being impersonated.
Credential Harvesting Form
The site contains a form requesting sensitive user credentials.
Javascript Obfuscation
Javascript obfuscation used to hide malicious code
Telegram Token Detected
Telegram token is a sign that information will be sent to the attackers.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Credential Harvesting Kit
Alvo
Chase users (USA)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend
Avaliação de Risco
CRITICAL - Automated credential harvesting with Telegram Bot (7489476150:AAGWFiFsn...) + HTTP POST to backend

⚠️ Indicators of Compromise

  • 1 Telegram bot token(s)
  • Kit types: Credential Harvester
  • 84 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Chase
Official Website
null
Fake Service
Chase Login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker has set up a website that mimics the Chase login page. The user is tricked into entering their login credentials and phone number into the fake form. This is used by the attacker to gain access to the user's account.

📡 Infraestrutura de Comando e Controle Telegram

Bot Token (Masked)
7489476150:AAGW...uVlQBTec
Bot ID
7489476150
Group/Chat ID
Unknown
Operator Language
Unknown

💬 Message Templates (3)

ID Português Inglês Trigger

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
www.lemsunspares.com
Registered
2022-07-19T07:04:28+00:00
Registrar
NameCheap
Estado
Active

🔬 JavaScript Deep Analysis

Total Code Size
360,1 KB

🔗 API Endpoints Detected

Other
6

🔐 Obfuscation Detected

  • : Moderate

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Chase
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Jan 31, 2026
No screenshot
Unknown
https://www.lemsunspares.com/wp-content/plugins/modern-admin...
Jan 06, 2026
 Screenshot
Chase
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Jan 01, 2026
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dez 24, 2025
No screenshot
Unknown
http://lemsunspares.com/wp-content/plugins/modern-admin/sixm...
Dez 24, 2025

Scan History for www.lemsunspares.com

Found 4 other scans for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.