EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of amelivitale-infoassurance.com

Detection Info

https://amelivitale-infoassurance.com/index.php
Detected Brand
Le Monde
Country
France
Confidence
100%
HTTP Status
200
Report ID
ed5f26d5-20bโ€ฆ
Analyzed
2026-01-25 19:45
Final URL (after redirects)
https://www.lemonde.fr/en/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13E04A5E1A050677E425F87C99BB1FFDCB3EA105EFA980846C2E8439452D7CD0EEAB544
CONTENT ssdeep
1536:XaohankLm3ejy4BraXB2u5csbN/969kkaptdSInqQUAF12Ib/lB6ZBFB7ByBS:XaohanhDcAF1vlBUBFB7ByBS

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
984b673665671e98
VISUAL aHash
001c3c3c1c3c3c00
VISUAL dHash
1771713331296916
VISUAL wHash
003c7c3c3c3e7e4a
VISUAL colorHash
07200000180
VISUAL cropResistant
62329a22b2aa332b,1771713331296916

Code Analysis

Risk Score 82/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Banking ๐ŸŽฃ Personal Info

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Cookie consent phishing
โ€ข Target: Le Monde users
โ€ข Method: Fake cookie consent popup
โ€ข Exfil: Potential data collection via obfuscated JavaScript
โ€ข Indicators: Domain mismatch, recent domain, obfuscation
โ€ข Risk: HIGH - Potential data theft

๐Ÿ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • base64_strings

๐ŸŽฏ Kit Endpoints

  • https://www.lemonde.fr/actualite-medias/article/2010/11/03/la-charte-d-ethique-et-de-deontologie-du-groupe-le-monde_1434737_3236.html

๐Ÿ“ก API Calls Detected

  • https://payments.google.com/payments/v4/js/integrator.js?ss=md
  • keyval-store
  • /ajax/fetchLives
  • https://clients2.google.com/gr/gr_full_2.0.8.js
  • POST
  • GET
  • https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, and Banking kits with real-time form interception capabilities.
High Obfuscation
112 obfuscation techniques detected, indicating deliberate evasion of static analysis and automated detection.
Brand Impersonation
Impersonating Le Monde, a high-profile media brand, to lend credibility to the phishing campaign.
Malicious JavaScript Files
Large JavaScript files (1.19 MB total) with no legitimate purpose detected, likely containing malicious payloads.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Credential Theft (Fake Le Monde Login)
Target
Le Monde users (International)
Exfiltration Channel
N/A (Landing page - no direct data collection)

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
Le Monde
Official Website
https://www.lemonde.fr
Fake Service
Account verification and cookie consent management

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit is designed to capture user credentials by presenting a fake login form that mimics Le Monde's authentication process. Submitted credentials are likely exfiltrated in real-time to an attacker-controlled server for immediate use in account takeover attacks.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by prompting users to enter OTPs under the guise of account verification or security checks. Captured OTPs are then used to bypass multi-factor authentication (MFA) protections.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
amelivitale-infoassurance.com
Registered
2026-01-21 23:44:37+00:00
Registrar
Hosting Concepts B.V. d/b/a Registrar.eu
Status
Recently registered (3 days old)

๐Ÿฆ  Malicious Files

Main File
File Size

Large JavaScript file with high obfuscation, likely containing credential harvesting and OTP interception logic.

๐Ÿ”ฌ JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
1.2ย MB

๐Ÿ”— API Endpoints Detected

Other
99
Backend API
1

๐Ÿ” Obfuscation Detected

  • : None
  • : Moderate
  • : None
  • : None
  • : Light
  • : Moderate
  • : Light
  • : Moderate
  • : Light
  • : Light
  • : Light
  • : Moderate
  • : Light
  • : Light
  • : Light
  • : Light
  • : Light

๐Ÿค– AI-Extracted Threat Intelligence

๐ŸŽฏ Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/8b1537ddb187.png
May 16, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/136e22292af9.png
Apr 30, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/af6232cdea5c.png
Apr 24, 2026
 Screenshot
Le Monde
https://mdl-livreur.info/
Apr 24, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/1ef9dfb34689.png
Mar 29, 2026

Scan History for amelivitale-infoassurance.com

Found 4 other scans for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.