SafeMode - Analysis: lozoyozip.z22.web.core.windows.net

EN ES PT

Back to Stats

Captura Visual

Screenshot of lozoyozip.z22.web.core.windows.net

Informações de Detecção

https://lozoyozip.z22.web.core.windows.net/

Detected Brand

Microsoft

Country

Unknown

Confiança

100%

HTTP Status

200

Report ID

ca7d6ea3-485…

Analyzed

2026-06-08 03:24

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T138E1CA35B01079374467A359FF71D75E532182449B630E0C42EC876BBEEEDA8C9621DA
CONTENT ssdeep	96:n/7CKhR8XlMPNUTViZGBNWVlXm/m4p7BQz02Um:DCuRrPSZuGBWW//lNm

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cbc33476762c552c
VISUAL aHash	283c3c3c3c3c0101
VISUAL dHash	c9c9e9e9e1e9b37b
VISUAL wHash	3c7c7c7c7c7c0301
VISUAL colorHash	070000081c0
VISUAL cropResistant	830b9ec486a3939e,ba12a656aa2ab2a2,c9c9e9e9e1e9b37b,010029c9c1292001

Análise de Código

Risk Score 6/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🔒 Obfuscation Detected

document.write
unicode_escape

📊 Detalhamento da Pontuação de Risco

Total Risk Score

40/100

Contributing Factors

Code Obfuscation

JavaScript code obfuscated using 6 technique(s) to evade detection

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Microsoft Phishing Landing Page

Alvo

Microsoft users

Método de Ataque

obfuscated JavaScript

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

6 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Microsoft

Official Website

https://www.microsoft.com

Fake Service

Credential harvesting service

⚔️ Metodologia de Ataque

Primary Method: Brand Impersonation Redirect

Impersonates Microsoft to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.