Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://app-72186365-4338-4462-ad6b-9b797bd9b486.cleverapps.io/ANTAI/am/3dsec.php
Detected Brand
République Française (Amendes)
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
ba1575c2-5af…
Analyzed
2026-06-18 10:14
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1322296B238124D23616F51DE998F974E9282E396CF424FD192F4822A5FF1C90FE47298 |
|
CONTENT
ssdeep
|
96:TgJWtJ5p5W4QkQC7JXntEGvEhl8jr2Fpqw+etOmqeMHSIIfII1IIoIIOI67DmBSN:cYJjbZS80l6elvAY7GX92gt1J1A0qIu |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b063cecf98998e64 |
|
VISUAL
aHash
|
bfc3c38fcfffdf9f |
|
VISUAL
dHash
|
218e1e383c303830 |
|
VISUAL
wHash
|
8f00008f8f8fcf9f |
|
VISUAL
colorHash
|
07000038000 |
|
VISUAL
cropResistant
|
218e1e383c303830,13e4e81340a6d8d4 |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Personal Info
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- fromCharCode
🎯 Kit Endpoints
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMAAAADACAMAAABlApw1AAACylBMVEUAAADmAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH7mAH4QEgezAAAA7XRSTlMAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNTY4OTo7PD0+P0BBQkRFRkdISUpMTU5PUFFUVVZXWFlaXV5fYGFiY2RlZmdoaWprbG1ub3FydHV2d3h5ent8fX6AgYKDhYaHiImKjI2Oj5CRkpOVlpeYmZqbnJ2en6ChoqOkpqeqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f5chY8ZAAAHJ0lEQVR42u2Y+VsUZRzAZ3ZnD1hBF7lBPDACFQGvzKNCUzPUvDY07yQSDMwkTUsgtTQtNdpqs0hT80jLPBIvRMxSEbkEPFA8EHaX3fkfmvm+szszyz7smvj4+Dzfzy/7vu+83/d9PzPzHrMUhSAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgjwLKEKiOMJ9HPkuUUCXJ9KZMrTjG+9cWMlxsXC0inSxtBJYqnwSAoH7Or5x/TEWqJqkAIE8ks17IgLBJR3fuEOALY17xgVa81SPIaAa+irH6KinKMBWDXwMAf0JM0fTgqcpYP9M+/8FAs7wUda0pynA1g5/xgXsxk7eCyi0XcM6q2jnAlkMAulKpVIhqUUrRGhRgNFHRIQHaN304RLwaALszeS2AurosYZUgWHOsfm8uHxXUfFh48wepKjT0ut8lO1AXl5eRidBMXT4mxmLRcaJAppVpaUlx3evGhUgHSQdNGT6IknAJGEMtH7wZL77EUpPAvZCPxcBZvDmK012x3WjShhaUsENUmgpTddL3g2gJBjW474rzzTaWAkFooDWSIruHnzDeQRQ9MouamiVBuxVw4WguYdvWvm8yceTANv4OiMT0C24YpdcFgSY10rFkTVt7uZOwCf1gmww7gVY9naOn7AOTzxpcQkAATpx+0Mh366AnXS3K1AqoM26I2uRCCjGXJUWWkwhbQV8shtY1hsB9l4ODEs1q65NAAgknXTerHYFzHubobnUfFFAYbjLuhHod1ZeasnVuAoo5jayXgqwt6dx84BOqWXdCoTvF1+BdgVa5h2C38NGUaD7acfcsNtFAc1G4ZZYLULixstU8BlSo9VisZwJpmL/cUS28thdBTTramrqHgpDOx5GUZHH3ARwAsrMFnEM37crMGHqPfitcQrQ80iwuWhD7hb+XbIu59+rAdegtPnXhdM+KYOe7F9rtVMrYPxGg8EwXqtYStSs5zZlZ2ZmLrvqKsBExscnTt5F2m+eQlOzSdJ2aev7XED2eYdAhHAP67bl5+ZOV7UnkNK5UPr4OAHfn8iV/FBal891YNsdxk+qRTA4c34At9IMIQMq6y3fyAKOkJGtJYus0EWB60YWuIFMvC0q7c/kZfw2Dq5otjsExjyA1NlXNJ72gZYUelSDXCD0HKSOhVHq9PvcfT6dALPNBKVFYbBCG5pg5oyVC8RVw4PZGSDroo0AFX2B9KAPExLdSLkosBgUH85QUJ4FKF+jXSYQVwmpfCWVUMb9VoyGVvxgrtjyyA7U8xI8jtlygeEwha3vUB4ElN9A9lxELJnCK5WuAqvhcZfHUN4IUEOqZQLxZDp8yO+z99gGg1JSvzVLOEGcFcYtE0iG6WRN9SRA5cMtK43oD/s4+57CVSAXKpyP9E5A82mrVCCmHFIbucVMt6QmR0vq+x6A12MTGUMfeEotqXKBobB9tObQHgS0ZJYVh8aQhWG9ylXgY3gCNf29E6D6XZQKBJ6C1KUB3Dh8Rjo+xJnNUHqxD2SyYPe885IgYM9l+OLYKqhz+rn2BZTjyI3frwshy87lwbSLQBqcIczZKu8EmCVWiYBmK1naTs0cGC8Qq6XoGVDHtjtRy3R5q54sEhGCAFs5f2D88yr9nyTy6Aw+MjLAVaAggW9s5IoKssJ/pNT+SFIlaYO4Cz19nQLDbkPq2vwwnY+P2qOAuHXBTZpC1jDWfL2GUG3i1pXe/5LRlRWs2Ut2attqhvI/6KxbFK78QNjizPVc1LogV4H70Fqj8MLWv0BRc4T9ynKDu2Dq6hQIPCScuIoLTaZ0tUcB+u1miUDQPpe9/dYE7hErl5ldii/Hcw8v37mEVUZRsRelB5A2AjJaN3CzK/IvSclvQU4Bxcz7rJdHiRTyyeQ4evAC9MgKWVe2z6GF0F9kp2S2cQ6/eLxULxFQzLrtrYDtj2j+zo2vcStA+X9pfSQBenSt5DSqnFYuPU3/HUtC+h2VGtxbroNPnFyLKED5Zlz3TsC6PxEmrspQZXcnQEX+YH4UAUqT9UCyUDDJv4vvS9N8YZmm++xocZZeyxAO9CGbH4gClGbiCYtnAVt1XpSw1jLJB5vdCVBhq2rt7Ql02dPAUztWyHd6t+QWl18hLNUhc3aW3YIaDSa9Myho4Yn7fKuWOtMI5wrnP30HVD0H2w4duWBPOUR+EUi6WM/FHWkQuXn54LIkteSD0rD9EgQUdv0OKmwjF9VD1p6s5fNfad3+3xqTxJPQ2VnQLZHLRzg+VmlddCLUSAyVftKHp+RsNK5JG6STftPqohO4in2FQdF+vSGyO0O64B4ME5skktDLX37EoXU9+fik3kwvqBDtGAMT0pfP91B06N+EtFrL4J/7CIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCNLB/Ad4GMDQOvb49wAAAABJRU5ErkJggg==
📤 Form Action Targets
- ./infoz/otp.php
📊 Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
Credential Harvesting
Credential harvesting detected with 3 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 2 technique(s) to evade detection
🔬 Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
République Française (Amendes) users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
- 2 obfuscation techniques
🏢 Brand Impersonation Analysis
Impersonated Brand
République Française (Amendes)
Official Website
N/A
Fake Service
Banking/payment service
⚔️ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
app-72186365-4338-4462-ad6b-9b797bd9b486.cleverapps.io
Registered
Unknown
Registrar
Unknown
Status
Age unknown
Hosting Information
Provider
Unknown
ASN
🤖 AI-Extracted Threat Intelligence
Scan History for app-72186365-4338-4462-ad6b-9b797bd9b486.cleverapps.io
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.