SafeMode - Analysis: grenee.dynv6.net

EN ES PT

Back to Stats

Visual Capture

Detection Info

https://grenee.dynv6.net/nota/index.php

Detected Brand

Notaire (French notary)

Country

International

Confidence

100%

HTTP Status

200

Report ID

fd5ee830-5d6…

Analyzed

2026-02-27 06:25

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T16621429540858C679246D298FBB2732F51978391C7471E0683F083FE0ADAF48CDA90EB
CONTENT ssdeep	24:IZ2LjuBdO46W/Pp1tsrJolD/sLf5GEDbfYN9uENBVraIZwqR+:SwuBM46Wn3tGe/szYwwHx5vZT+

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	96a9eda1a0edb832
VISUAL aHash	ff3c3c3c3c3c3c3c
VISUAL dHash	c668696969696869
VISUAL wHash	ff3c3c3c043c343c
VISUAL colorHash	070000001c0
VISUAL cropResistant	c668696969696869

Code Analysis

Risk Score 68/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential Phishing
• Target: Notary service users
• Method: Impersonation and form submission
• Exfil: index_a.php
• Indicators: Suspicious domain, form requesting credentials.
• Risk: High

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

fromCharCode

📤 Form Action Targets

index_a.php

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

Domain name is unrelated to the service being impersonated.

Credential Harvesting

The website asks for email and password

Obfuscation Detected

Obfuscation increases likelihood of malicious code.

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

Notaire (French notary) users (International)

Attack Method

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Exfiltration Channel

HTTP POST to backend

Risk Assessment

HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, Personal Info
4 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Notaire

Fake Service

Access to secure documentation

⚔️ Attack Methodology

Primary Method: Credential Phishing

The attacker creates a fake login page that mimics a legitimate service. The user enters their email and password, which the attacker then steals.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

grenee.dynv6.net

Registered

Unknown

Registrar

Unknown

Status

Unknown

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Unknown

https://cdn.gosafemode.com/screenshots/8e3367f29d16.png

May 26, 2026

Notaire (French Notary)

https://cc076831.tw1.ru/login/login/login/login%20(1)%20(2)/...

Feb 15, 2026

😰

"I Never Thought It Would Happen to Me"

That's what 2.3 million victims say every year. Don't wait to become a statistic.