SafeMode - Analysis: qiyeyou126.cn

Visual Capture

Detection Info

http://qiyeyou126.cn/login

Detected Brand

NetEase

Country

China

Confidence

100%

HTTP Status

200

Report ID

7a2bd76c-7b1…

Analyzed

2025-12-25 23:59

Final URL (after redirects)

http://qiyeyou126.cn/login/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11133DE312D980EBB03FB52CE7A54EF3B60C3BA69C3154D898AF8499D1E4CDE1AD90157
CONTENT ssdeep	768:NG/9qACeoYjJU/gULbNcTW+wFACeSOFm44m/s:kEAF/ULbiwFAF4K/s

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9a1be77ae1659812
VISUAL aHash	00000c028f9fffff
VISUAL dHash	42383816393c64cd
VISUAL wHash	00000c0a8fdfffff

Code Analysis

Risk Score 100/100

Threat Level CRITICAL

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: QR code phishing targeting NetEase email accounts
• Target: Users of NetEase email service, particularly in China
• Method: Prompts users to scan a QR code to log in, which may redirect to a malicious site or steal credentials
• Exfil: Unknown, potentially redirecting to a malicious site or harvesting credentials through a QR code scam
• Indicators: Domain name mismatch, QR code login request, and Chinese-language interface
• Risk: HIGH - potential for credential theft or redirection to a malicious website