Phishing Analysis
Detailed analysis of captured phishing page
70
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: Groupe Deret
- • Threat: Credential harvesting phishing attack.
- • Target: Employees or customers of Groupe Deret.
- • Method: Fake login page designed to steal email addresses and passwords.
- • Exfil: Likely sends data to a remote server controlled by the attacker.
- • Indicators: The domain 'sso-security.com' does not match the official Groupe Deret website.
- • Risk: HIGH - Potential for immediate credential theft and account compromise.
⚠ Risk Factors
- Brand impersonation of Groupe Deret on non-official domain
- Credential harvesting indicators detected
- OTP/2FA stealing indicators detected
Visual Capture
Detection Info
https://sso-security.com/W0Sy9LNGpj7PPSk?=userid&messageid=YWZhNDM0c2RqZjk4MjNmb2lkc2pmKC9DODk4RnNhOShGLyhBU0ZzdWlhaGRma2FzZDIoLw==
Detected Brand
Groupe Deret
Country
France
Confidence
100%
HTTP Status
200
Report ID
3d041898-829…
Analyzed
2025-12-30 13:12
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14FD1FF7050409D3B5283C7D4B3B96B4F3394C346EA97566AA7F4C39C0EE3E66CC1A226 |
|
CONTENT
ssdeep
|
96:nIpkCGTHRPykkrwkMZs39TbJG9KjsWsjOi0U2gs0sjO7OVJQ6Q6ynQjNsjOsV:9Dk8g9TbJG9aMbOVJQyyQjwV |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c497326cc99d966 |
|
VISUAL
aHash
|
18001818191f0f9f |
|
VISUAL
dHash
|
7161713331727d38 |
|
VISUAL
wHash
|
191818181f1f1fff |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
7161713331727d38 |
Code Analysis
Risk Score
70/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing attack.
• Target: Employees or customers of Groupe Deret.
• Method: Fake login page designed to steal email addresses and passwords.
• Exfil: Likely sends data to a remote server controlled by the attacker.
• Indicators: The domain 'sso-security.com' does not match the official Groupe Deret website.
• Risk: HIGH - Potential for immediate credential theft and account compromise.
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
http://inner.website/pcdde712fh20d94f742bc3a42131444b38b5.ht...
Jan 09, 2026
Microsoft
https://inner.website/yba964a42c4b7d4e62la770d4a1827d382b7.h...
Jan 09, 2026
Microsoft
https://inner.website/y023e62ecc47bd45efl8a100d2888677a163.h...
Jan 09, 2026
Microsoft
https://inner.website/yd0dd9503c13e84494l82ec464e8fa52549d.h...
Jan 09, 2026
No screenshot
Microsoft
https://inner.website/p8f95d256hfeeb436d2a4b540cc1ae756976.h...
Jan 09, 2026
Scan History for sso-security.com
Found 10 other scans for this domain
-
https://sso-security.com/pSWUhYWFe0hRfvxBhg?=useri...
https://sso-security.com/tuJwHdkl4Xc6v60N?=userid&...
https://sso-security.com/mwNw9yK7zSMRZa4?=userid&m...
https://sso-security.com/V6ocws3yf6a162k?=userid&m...
https://sso-security.com/yDggbRnMeqV36P0?=userid&m...
https://sso-security.com/oZ9LZteAbpu9?=userid&mess...
https://sso-security.com/g28Wrc83vcT5d48?/aG94aHVu...
https://sso-security.com/sdtaSCjL3SMXheo?=userid&m...
https://sso-security.com/wPkmh20MmRTxVEwAhQ?=useri...
https://sso-security.com/8mdoRKygydY_ntWLug?/aG94a...