SafeMode - Analysis: amelivitale-infoassurance.com

Captura Visual

Screenshot of amelivitale-infoassurance.com

Información de Detección

https://amelivitale-infoassurance.com/index.php

Detected Brand

Le Monde

Country

France

Confianza

100%

HTTP Status

200

Report ID

ed5f26d5-20b…

Analyzed

2026-01-25 19:45

Final URL (after redirects)

https://www.lemonde.fr/en/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T13E04A5E1A050677E425F87C99BB1FFDCB3EA105EFA980846C2E8439452D7CD0EEAB544
CONTENT ssdeep	1536:XaohankLm3ejy4BraXB2u5csbN/969kkaptdSInqQUAF12Ib/lB6ZBFB7ByBS:XaohanhDcAF1vlBUBFB7ByBS

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	984b673665671e98
VISUAL aHash	001c3c3c1c3c3c00
VISUAL dHash	1771713331296916
VISUAL wHash	003c7c3c3c3e7e4a
VISUAL colorHash	07200000180
VISUAL cropResistant	62329a22b2aa332b,1771713331296916

Análisis de Código

Risk Score 82/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing de consentimiento de cookies
• Objetivo: Usuarios de Le Monde
• Método: Popup falso de consentimiento de cookies
• Exfil: Posible recolección de datos a través de JavaScript ofuscado
• Indicadores: Dominio no coincidente, dominio reciente, ofuscación
• Riesgo: ALTO - Posible robo de datos

🔒 Obfuscation Detected

atob
fromCharCode
unescape
base64_strings

🎯 Kit Endpoints

https://www.lemonde.fr/actualite-medias/article/2010/11/03/la-charte-d-ethique-et-de-deontologie-du-groupe-le-monde_1434737_3236.html

📡 API Calls Detected

https://payments.google.com/payments/v4/js/integrator.js?ss=md
keyval-store
/ajax/fetchLives
https://clients2.google.com/gr/gr_full_2.0.8.js
POST
GET
https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js

📊 Desglose de Puntuación de Riesgo

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester, OTP Stealer, and Banking kits with real-time form interception capabilities.

High Obfuscation

112 obfuscation techniques detected, indicating deliberate evasion of static analysis and automated detection.

Brand Impersonation

Impersonating Le Monde, a high-profile media brand, to lend credibility to the phishing campaign.

Malicious JavaScript Files

Large JavaScript files (1.19 MB total) with no legitimate purpose detected, likely containing malicious payloads.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Theft (Fake Le Monde Login)

Objetivo

Le Monde users (International)

Canal de Exfiltración

N/A (Landing page - no direct data collection)

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Le Monde

Official Website

https://www.lemonde.fr

Fake Service

Account verification and cookie consent management

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit is designed to capture user credentials by presenting a fake login form that mimics Le Monde's authentication process. Submitted credentials are likely exfiltrated in real-time to an attacker-controlled server for immediate use in account takeover attacks.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by prompting users to enter OTPs under the guise of account verification or security checks. Captured OTPs are then used to bypass multi-factor authentication (MFA) protections.