SafeMode - Analysis: www.qiyeyou126.cn

Captura Visual

Informações de Detecção

https://www.qiyeyou126.cn/login

Detected Brand

NetEase (网易)

Country

International

Confiança

100%

HTTP Status

200

Report ID

28601913-314…

Analyzed

2026-03-17 05:05

Final URL (after redirects)

https://www.qiyeyou126.cn/login/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1BB33DE312D980EBB03FB52CE7A54EF3B60C3BA69C3154D898AF8499D1E4CDE1AD90157
CONTENT ssdeep	768:xG/9qACeoYjJU/gULbNcTW+wFACeSOFm44m/s:4EAF/ULbiwFAF4K/s

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9a1be77ae1659812
VISUAL aHash	00000c028f9fffff
VISUAL dHash	42383816393c64cd
VISUAL wHash	00000c0a8fdfffff
VISUAL colorHash	06007000000
VISUAL cropResistant	42383816393c64cd

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários do NetEase (网易)
• Método: Imitação e redirecionamento de código QR
• Exfil: Potencialmente credenciais ou outras informações confidenciais.
• Indicadores: Incompatibilidade de domínio, ofuscação, código QR.
• Risco: ALTO

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

eval
fromCharCode
unescape
document.write
hex_escape
unicode_escape
js_packer
base64_strings

🎯 Kit Endpoints

https://entry.qiye.163.com/domain/domainEntLogin
//qiye.163.com/entry/buy-price.htm?from=login_pc
https://ss.knet.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=151131
https://entryhz.qiye.163.com/login/action/getCtCodes?callback=jsonp_8h4hspk7p3o0451
https://entry.qiye.163.com/domain/domainAdminLogin
https://open.qiye.163.com/advconfig/getAdvConfig?type=login&callback=jsonp_1v4ao4vmqaal3le

📡 API Calls Detected

POST
GET
get
//office.163.com/

📤 Form Action Targets

https://entry.qiye.163.com/domain/domainEntLogin
https://entry.qiye.163.com/domain/domainAdminLogin

📊 Detalhamento da Pontuação de Risco

Total Risk Score

85/100

Contributing Factors

Domain Mismatch

The domain does not match the expected NetEase domain.

JavaScript Obfuscation

Obfuscated Javascript code may contain malicious functionality.

QR Code Phishing Risk

The use of a QR code in the context of credential entry is a red flag.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

NetEase (网易) users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

HTTP POST to backend

Avaliação de Risco

CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
24088 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

NetEase (网易)

Official Website

qiye.163.com

Fake Service

Email Login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The site attempts to phish credentials, likely through the QR code that redirects to a malicious site. It uses an impersonation technique, copying the look and feel of a legitimate NetEase login page.