EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of ldmartin68.com

Detection Info

http://ldmartin68.com/amendesFrance
Detected Brand
amendes.gouv.fr
Country
France
Confidence
100%
HTTP Status
200
Report ID
382f8c7d-d1e…
Analyzed
2026-02-18 02:39
Final URL (after redirects)
http://ldmartin68.com/amendesFrance/infospage.php

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1C4F164626168383B427792CDBF92FF19C4E7C13BCA092C0186EC9B9D1ED5EE0D95425A
CONTENT ssdeep
96:IZfYIkzIoN5W4QkQC7JXntEGvEhW8jAYrZizaYO+0EtAlmTia5K2nDRA1Uebmw0r:MAI8IAbZl8l9f+0EtQmTLzeawRY

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b2b5189e199ec734
VISUAL aHash
ffc3e7ffffff0000
VISUAL dHash
238e8e001408acd0
VISUAL wHash
9f83c3f7e7e70000
VISUAL colorHash
07000000180
VISUAL cropResistant
230e8e0c0c140c0c,13eae81380aed4d0,a0e0f4b4c9c9d2d0

Code Analysis

Risk Score 82/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: French citizens using amendes.gouv.fr
• Method: Impersonation and data harvesting
• Exfil: infoz/infos.php (based on form actions)
• Indicators: Domain mismatch, form fields, obfuscation
• Risk: High

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • unicode_escape
  • base64_strings

📤 Form Action Targets

  • infoz/infos.php

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain ldmartin68.com does not match the brand amendes.gouv.fr.
Form Data Collection
The site includes a form that is designed to capture personal and sensitive data.
Obfuscated Javascript
Obfuscation detected in javascript.
Impersonation
The site is trying to impersonate the French government website.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
amendes.gouv.fr users (France)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 44 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
amendes.gouv.fr
Official Website
https://www.amendes.gouv.fr/
Fake Service
Payment of fines.

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials by mimicking a legitimate website and requesting sensitive information via a form.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
ldmartin68.com
Registered
2004-12-22T17:28:32Z
Registrar
Namecheap, Inc.
Status
ACTIVE

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
République Française (amendes.gouv.fr)
http://dsignpost.com/infospage.php
Jun 02, 2026
 Screenshot
République Française (Amendes)
http://dsignpost.com
Jun 02, 2026
 Screenshot
République Française - ANTAI
http://antai-info-amende-non-payer.wasmer.app/wp-content/vsi...
Mar 24, 2026
 Screenshot
amendes.gouv.fr (French Government)
https://ldmartin68.com/amendesFrance/infospage.php
Mar 15, 2026
 Screenshot
amendes.gouv.fr (French Government)
https://serviceregulation.wasmer.app/wp-content/am/infospage...
Mar 01, 2026

Scan History for ldmartin68.com

Found 3 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.