
Visual Capture

Screenshot of qiyeyou126.cn

Detection Info

URL: http://qiyeyou126.cn/login
Detected Brand: NetEase
Country: China
Confidence: 100%
HTTP Status: 200
Report ID: 3d778c6c-4d9…
Analyzed: 2026-01-20 12:39
Final URL (after redirects): http://qiyeyou126.cn/login/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T16733DE312D980EBB03FB52CE7A54EF3B60C3BA69C3154D898AF8499D1E4CDE1AD90157
CONTENT ssdeep
768:NG/9qACeoYjJU/gULbNcTW+pACeSOFm44m/s:kEAF/ULbipAF4K/s

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9a1be77ae1659812
VISUAL aHash
00000c028f9fffff
VISUAL dHash
42383816393c64cd
VISUAL wHash
00000c0a8fdfffff
VISUAL colorHash
06007000000
VISUAL cropResistant
42383816393c64cd

Code Analysis

Risk Score 100/100
Threat Level LOW
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Potentially compromised login portal
• Target: NetEase enterprise email users in China
• Method: QR code login for NetEase Enterprise Email
• Exfil: Potentially compromised login credentials.
• Indicators: The URL is suspicious but it is consistent with older login pages.
• Risk: LOW - requires additional checks to determine if this is the current login URL.

Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • document.write
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • https://entry.qiye.163.com/domain/domainEntLogin
  • https://open.qiye.163.com/advconfig/getAdvConfig?type=login&callback=jsonp_au80snhs9dg2771
  • //qiye.163.com/entry/buy-price.htm?from=login_pc
  • https://ss.knet.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=151131
  • https://entryhz.qiye.163.com/login/action/getCtCodes?callback=jsonp_az499c69sny0rek
  • https://entry.qiye.163.com/domain/domainAdminLogin

📡 API Calls Detected

  • get
  • POST
  • GET
  • //office.163.com/

📤 Form Action Targets

  • https://entry.qiye.163.com/domain/domainEntLogin
  • https://entry.qiye.163.com/domain/domainAdminLogin