SafeMode - Analysis: www.qiyeyou126.cn

Captura Visual

Información de Detección

https://www.qiyeyou126.cn/login

Detected Brand

NetEase (网易)

Country

International

Confianza

100%

HTTP Status

200

Report ID

28601913-314…

Analyzed

2026-03-17 05:05

Final URL (after redirects)

https://www.qiyeyou126.cn/login/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1BB33DE312D980EBB03FB52CE7A54EF3B60C3BA69C3154D898AF8499D1E4CDE1AD90157
CONTENT ssdeep	768:xG/9qACeoYjJU/gULbNcTW+wFACeSOFm44m/s:4EAF/ULbiwFAF4K/s

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9a1be77ae1659812
VISUAL aHash	00000c028f9fffff
VISUAL dHash	42383816393c64cd
VISUAL wHash	00000c0a8fdfffff
VISUAL colorHash	06007000000
VISUAL cropResistant	42383816393c64cd

Análisis de Código

Risk Score 100/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de NetEase (网易)
• Método: Suplantación de identidad y redirección de código QR
• Exfil: Potencialmente credenciales u otra información confidencial.
• Indicadores: Coincidencia de dominio, ofuscación, código QR.
• Riesgo: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

eval
fromCharCode
unescape
document.write
hex_escape
unicode_escape
js_packer
base64_strings

🎯 Kit Endpoints

https://entry.qiye.163.com/domain/domainEntLogin
//qiye.163.com/entry/buy-price.htm?from=login_pc
https://ss.knet.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=151131
https://entryhz.qiye.163.com/login/action/getCtCodes?callback=jsonp_8h4hspk7p3o0451
https://entry.qiye.163.com/domain/domainAdminLogin
https://open.qiye.163.com/advconfig/getAdvConfig?type=login&callback=jsonp_1v4ao4vmqaal3le

📡 API Calls Detected

POST
GET
get
//office.163.com/

📤 Form Action Targets

https://entry.qiye.163.com/domain/domainEntLogin
https://entry.qiye.163.com/domain/domainAdminLogin

📊 Desglose de Puntuación de Riesgo

Total Risk Score

85/100

Contributing Factors

Domain Mismatch

The domain does not match the expected NetEase domain.

JavaScript Obfuscation

Obfuscated Javascript code may contain malicious functionality.

QR Code Phishing Risk

The use of a QR code in the context of credential entry is a red flag.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

NetEase (网易) users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

HTTP POST to backend

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
24088 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

NetEase (网易)

Official Website

qiye.163.com

Fake Service

Email Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site attempts to phish credentials, likely through the QR code that redirects to a malicious site. It uses an impersonation technique, copying the look and feel of a legitimate NetEase login page.