EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

No screenshot available

Detection Info

https://services-publics.grupozasacr.com/
Detected Brand
amendes.gouv.fr
Country
France
Confidence
100%
HTTP Status
200
Report ID
62a48c45-2c6…
Analyzed
2026-01-28 08:58
Final URL (after redirects)
https://services-publics.grupozasacr.com/infospage.php

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T18AE164726158383B027792CDBE52FF29C4A7C12FCA4E2C0196EC9B5D1ED5EA0E94425B
CONTENT ssdeep
96:IZfYIkzIoN5W4QkQC7JXntEGvEhW8jxYrZizaYO+0ETia5K2nDRA1Uebmw0g9If:MAI8IAbZl8e9f+0ETLzeawRY

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b2b51c9e1b9cc334
VISUAL aHash
ffc3e7ffffff0000
VISUAL dHash
238e8e000c08b0c8
VISUAL wHash
9f83c3e7efe70000
VISUAL colorHash
07000000180
VISUAL cropResistant
230e8e0c140c0c10,13eae81380aed8d0,a0e0f4b4c9c9d2d0

Code Analysis

Risk Score 82/100
Threat Level BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Information gathering
• Target: Citizens of France paying traffic tickets online
• Method: Online form to collect personal information to pay tickets
• Exfil: Unknown, payment details
• Indicators: Official .gouv.fr domain
• Risk: LOW - Data collection by official service

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • unicode_escape
  • base64_strings

📤 Form Action Targets

  • infoz/infos.php

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected active phishing kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
Credential Harvesting
Credential harvesting detected with 3 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 64 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
amendes.gouv.fr users (France)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 64 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
amendes.gouv.fr
Official Website
N/A
Fake Service
Banking/payment service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 64 techniques to evade detection by security scanners and make reverse engineering more difficult.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
services-publics.grupozasacr.com
Registered
2020-06-11 17:03:43+00:00
Registrar
Key-Systems GmbH
Status
Active (older domain)

Hosting Information

Provider
Key-Systems GmbH
ASN

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
1.2 MB

🔗 API Endpoints Detected

Other
15

🔐 Obfuscation Detected

  • : None
  • : None
  • : Moderate
  • : Moderate
  • : Heavy
  • : Heavy

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
République Française (amendes.gouv.fr)
http://services-publics.grupozasacr.com
Apr 07, 2026
 Screenshot
République Française (ANTAI)
https://antai-info-amende-non-payer.wasmer.app/wp-content/vs...
Mar 24, 2026
 Screenshot
amendes.gouv.fr (French Government)
https://services-publics.grupozasacr.com/infospage.php
Jan 30, 2026
 Screenshot
amendes.gouv.fr
https://services-publics.grupozasacr.com/infospage.php
Jan 21, 2026
 Screenshot
French Government
http://health-coders.com.ar/app/France/paiement.php
Jan 20, 2026

Scan History for services-publics.grupozasacr.com

Found 5 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.