Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
http://www.lavozdelaranda.es/wp-content/themes/magplus/admin/app/index.php?userid=e2c78e194c75fbb8c4155bac9d794740&ue=6083690d6e3e0c06899e5335b604aa45
Detected Brand
Mediapart
Country
France
Confidence
100%
HTTP Status
200
Report ID
d1809ce0-7e3β¦
Analyzed
2026-01-27 04:44
Final URL (after redirects)
https://www.mediapart.fr/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1164575E16620A3AD90C7DAEDDF39DE90530F40BAB9B6D6C14ABEC75C9447D80FB06814 |
|
CONTENT
ssdeep
|
3072:fxiVG+6cP20Df5eoOx24JN1MnTT1OIFg9JznfngguHSwqKBhfEiR98UCgCZz1WEO:fqaMoOgUxh+w9L |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
db493466629e1c9d |
|
VISUAL
aHash
|
00183c3c3c3c1c00 |
|
VISUAL
dHash
|
4c7971717969313f |
|
VISUAL
wHash
|
0018bdbdbdbdbd00 |
|
VISUAL
colorHash
|
0e200038000 |
|
VISUAL
cropResistant
|
f8dcacc38e5d5588,4c7971717969313f,3434b5d4d4353434 |
Code Analysis
Risk Score
80/100
Threat Level
BAJO
π£ Credential Harvester
π£ Personal Info
π¬ Threat Analysis Report
β’ Threat: None detected
β’ Target: General audience of Mediapart
β’ Method: Legitimate news website with cookie consent
β’ Exfil: No data exfiltration detected
β’ Indicators: Domain matches brand, legitimate content
β’ Risk: LOW - No phishing detected
π Credential Harvesting Forms
π Obfuscation Detected
- atob
- eval
- fromCharCode
- unicode_escape
- base64_strings
π― Kit Endpoints
- //blogs.mediapart.fr/olivier-tonneau/blog/250126/minneapolis-france
- //blogs.mediapart.fr/diagrammes/blog/230126/veronica-gago-la-laboratoire-argentin-22
- //blogs.mediapart.fr/chloe-maurel/blog/220126/trump-davos-un-president-voyou-devant-un-parterre-de-milliardaires
- https://blogs.mediapart.fr/charte-de-participation
- //blogs.mediapart.fr/la-sellette/blog/220126/chronique-d-audience-profil-bas
- //blogs.mediapart.fr/jean-pierre-thibaudat/blog/250126/van-hove-brouille-hamlet-creuzevault-bonifie-pylade
- //blogs.mediapart.fr/ali-zare-ghanatnowi/blog/250126/en-iran-danser-devant-la-mort-pour-briser-le-silence
- //blogs.mediapart.fr/charte-de-participation
- //blogs.mediapart.fr/pascal-maillard/blog/260126/alia-appelle-les-deputes-rejeter-la-loi-contre-lantisemitisme
- https://www.mediapart.fr/charte-de-deontologie
- //blogs.mediapart.fr/romain-leclaire/blog/240126/l-effondrement-de-la-fiabilite-de-chatgpt-face-la-contamination-par-grokipedia
- /journal/france/240126/logement-les-faux-semblants-du-plan-lecornu
- https://blogs.mediapart.fr/
- //blogs.mediapart.fr/remi-nolosset/blog/220126/que-faire-de-la-commune-i-penser-un-terrain-de-lutte-0
- //blogs.mediapart.fr/michael-hajdenberg/blog/230126/les-comploteurs-en-prison-et-en-librairie
- //blogs.mediapart.fr/felipe-milanez/blog/210126/deux-ans-sans-justice-sur-l-assassinat-de-la-chamane-nega-pataxo-au-bresil
- //blogs.mediapart.fr/sudfa/blog/230126/les-jungo-soudanais-au-maroc-entre-resilience-et-espoir
- /journal/international/230126/david-hamou-sociologue-en-espagne-le-municipalisme-pris-d-assaut-les-mairies-pour-les-subvertir-de
- //blogs.mediapart.fr/stephanie-lamy/blog/220126/masculinismes-neuf-idees-recues-qui-empechent-de-qualifier-la-menace
- //blogs.mediapart.fr/marie-cosnay/blog/230126/au-coeur-de-nos-entrailles-3
- //blogs.mediapart.fr/bernard-vincent/blog/260126/andre-burguiere-1938-2026-grand-historien-grand-humaniste
- //blogs.mediapart.fr/cecile-ondoa-abeng/blog/220126/jean-marc-morandini-doit-quitter-l-antenne-de-cnews
- //blogs.mediapart.fr/la-scas-section-carrement-anti-sterin/blog/220126/il-faut-boycotter-smartbox
- //blogs.mediapart.fr/yves-guillerault/blog/240126/le-mythe-du-premier-de-cordee
- //blogs.mediapart.fr/la-sdj-de-mediapart/blog/220126/quand-europe-1-espionne-thomas-legrand-ceci-n-est-pas-du-journalisme
- //blogs.mediapart.fr/
- //blogs.mediapart.fr/saskia87/blog/210126/la-grenouille-et-le-castor
- //blogs.mediapart.fr/aurelie-el-hassak-marzorati/blog/230126/hebergement-d-urgence-peut-encore-faire-de-la-dignite-une-norme
- //blogs.mediapart.fr/agenda
- /journal/international/150126/le-regime-iranien-n-plus-que-son-ideologie-sa-chute-est-ineluctable
- /charte-de-deontologie
- //blogs.mediapart.fr/pascal-santoni/blog/220126/les-raisons-de-la-casse-des-services-publics
- /journal/politique/260126/en-s-alliant-majoritairement-avec-le-ps-les-ecologistes-vont-dans-le-sens-de-la-macronie
- /journal/ecologie
- /journal/ecologie/240126/toby-kiers-les-champignons-ont-besoin-de-serieuses-mesures-de-conservation
- //blogs.mediapart.fr/edwy-plenel/blog/220126/andre-burguiere-historien-genereux-0
- //blogs.mediapart.fr/sophiem75/blog/170126/baisse-de-la-natalite-en-france-les-medias-s-alarment-les-couples-en-pma-oublies
- //blogs.mediapart.fr/un-ensemble-de-psychiatres-et-de-soignants/blog/230126/allier-xenophobie-et-psychophobie-est-une-double-insulte-aux-valeurs
- //blogs.mediapart.fr/anna-colin-lebedev/blog/220126/hommage-du-kremlin-un-film-au-service-du-narratif-russe
- //blogs.mediapart.fr/guillaume-lasserre/blog/240126/gen-z-la-croisee-des-identites
- //blogs.mediapart.fr/blogs
- //blogs.mediapart.fr/claude-lelievre/blog/220126/le-mysterieux-nouveau-ministre-de-l-education-nationale
- //blogs.mediapart.fr/un-ensemble-de-militant-es-ecologistes/blog/260126/municipales-2026-la-social-ecologie-preferons-l-ecologie-de-rupture
- /login
- //blogs.mediapart.fr/basilegiraud/blog/301225/de-la-honte-la-haine-anatomie-d-une-violence-annoncee
- //blogs.mediapart.fr/stephanie-lamy/blog/210126/terrorisme-masculiniste-anticiper-le-backlash-au-processus-de-securitisation
- /journal/ecologie/230126/laits-contamines-l-inertie-de-nestle-l-inaction-de-l-etat
- //blogs.mediapart.fr/guillaume-lasserre/blog/170126/le-monde-suspendu-de-georges-de-la-tour
- /studio/documentaires/culture-et-idees/saudades-do-rio-doce-apres-la-catastrophe-ecologique
- //blogs.mediapart.fr/yves-faucoup/blog/230126/cancers-pediatriques-un-combat-citoyen-contre-les-pesticides
- //blogs.mediapart.fr/editions
- //blogs.mediapart.fr/olivier-rachet/blog/250126/repenser-le-patrimoine-museal-avec-benedicte-savoy
- //blogs.mediapart.fr/48H
π‘ API Calls Detected
- GET
π€ Form Action Targets
- /journal/une/270126
π Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected Credential Harvester and Personal Info kit with real-time form interception (1 form detected).
Obfuscation Techniques
58 obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Compromised Legitimate Domain
Phishing kit hosted on a compromised WordPress site (www.lavozdelaranda.es).
Brand Impersonation
Impersonating Mediapart, a legitimate news service, to harvest credentials and personal information.
π¬ Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
Mediapart users (France)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
β οΈ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 58 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
Mediapart
Official Website
https://www.mediapart.fr
Fake Service
Fake data consent or login portal
βοΈ Attack Methodology
Primary Method: Credential Harvesting
The phishing kit presents a fake Mediapart login or data consent form to capture user credentials. Submitted data is likely exfiltrated to an attacker-controlled server via HTTP POST requests or JavaScript-based interception.
Secondary Method: Personal Information Theft
The form field 'Votre choix pour vos donnΓ©es' suggests an attempt to harvest additional personal data under the guise of user consent or preferences, which can be used for identity theft or further targeted attacks.
π Infrastructure Indicators of Compromise
Domain Information
Domain
www.lavozdelaranda.es
Registered
Unknown
Registrar
Unknown
Status
Age unknown
π¦ Malicious Files
Main File
File Size
Highly obfuscated JavaScript file likely containing credential harvesting logic.
π Attack Flow Diagram
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. VICTIM RECEIVES PHISHING LURE β
β - Email/SMS with fake Mediapart Banking alert β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 2. VICTIM CLICKS MALICIOUS LINK β
β - Redirects to fake Mediapart login page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 3. FAKE LOGIN FORM DISPLAYED β
β - Mimics legitimate Mediapart interface β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 4. CREDENTIALS ENTERED & CAPTURED β
β - Victim submits login details β
β - Data collected via form submission β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 5. DATA EXFILTRATION β
β - Credentials sent via HTTP POST to attacker server β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π¬ JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
613.4Β KB
π API Endpoints Detected
Other
20
Backend API
1
π Obfuscation Detected
- : Light
- : Heavy
- : None
- : Light
- : Moderate
π€ AI-Extracted Threat Intelligence
π Attack Flow
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. VICTIM RECEIVES PHISHING LURE β
β - Email/SMS with fake Mediapart Banking alert β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 2. VICTIM CLICKS MALICIOUS LINK β
β - Redirects to fake Mediapart login page β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 3. FAKE LOGIN FORM DISPLAYED β
β - Mimics legitimate Mediapart interface β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 4. CREDENTIALS ENTERED & CAPTURED β
β - Victim submits login details β
β - Data collected via form submission β
ββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 5. DATA EXFILTRATION β
β - Credentials sent via HTTP POST to attacker server β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π― Malicious Files Identified
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for www.lavozdelaranda.es
Found 10 other scans for this domain
-
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
http://www.lavozdelaranda.es/wp-content/themes/mag...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.