SafeMode - Analysis: amelivitale-infoassurance.com

Captura Visual

Screenshot of amelivitale-infoassurance.com

Informações de Detecção

https://amelivitale-infoassurance.com/index.php

Detected Brand

Le Monde

Country

France

Confiança

100%

HTTP Status

200

Report ID

ed5f26d5-20b…

Analyzed

2026-01-25 19:45

Final URL (after redirects)

https://www.lemonde.fr/en/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T13E04A5E1A050677E425F87C99BB1FFDCB3EA105EFA980846C2E8439452D7CD0EEAB544
CONTENT ssdeep	1536:XaohankLm3ejy4BraXB2u5csbN/969kkaptdSInqQUAF12Ib/lB6ZBFB7ByBS:XaohanhDcAF1vlBUBFB7ByBS

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	984b673665671e98
VISUAL aHash	001c3c3c1c3c3c00
VISUAL dHash	1771713331296916
VISUAL wHash	003c7c3c3c3e7e4a
VISUAL colorHash	07200000180
VISUAL cropResistant	62329a22b2aa332b,1771713331296916

Análise de Código

Risk Score 82/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing de consentimento de cookies
• Alvo: Usuários do Le Monde
• Método: Popup falso de consentimento de cookies
• Exfil: Possível coleta de dados via JavaScript ofuscado
• Indicadores: Domínio não coincidente, domínio recente, ofuscação
• Risco: ALTO - Possível roubo de dados

🔒 Obfuscation Detected

atob
fromCharCode
unescape
base64_strings

🎯 Kit Endpoints

https://www.lemonde.fr/actualite-medias/article/2010/11/03/la-charte-d-ethique-et-de-deontologie-du-groupe-le-monde_1434737_3236.html

📡 API Calls Detected

https://payments.google.com/payments/v4/js/integrator.js?ss=md
keyval-store
/ajax/fetchLives
https://clients2.google.com/gr/gr_full_2.0.8.js
POST
GET
https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js

📊 Detalhamento da Pontuação de Risco

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester, OTP Stealer, and Banking kits with real-time form interception capabilities.

High Obfuscation

112 obfuscation techniques detected, indicating deliberate evasion of static analysis and automated detection.

Brand Impersonation

Impersonating Le Monde, a high-profile media brand, to lend credibility to the phishing campaign.

Malicious JavaScript Files

Large JavaScript files (1.19 MB total) with no legitimate purpose detected, likely containing malicious payloads.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Theft (Fake Le Monde Login)

Alvo

Le Monde users (International)

Canal de Exfiltração

N/A (Landing page - no direct data collection)

🏢 Análise de Falsificação de Marca

Impersonated Brand

Le Monde

Official Website

https://www.lemonde.fr

Fake Service

Account verification and cookie consent management

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The phishing kit is designed to capture user credentials by presenting a fake login form that mimics Le Monde's authentication process. Submitted credentials are likely exfiltrated in real-time to an attacker-controlled server for immediate use in account takeover attacks.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by prompting users to enter OTPs under the guise of account verification or security checks. Captured OTPs are then used to bypass multi-factor authentication (MFA) protections.