EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

No screenshot available

Detection Info

http://126qiyeyou.com/login
Detected Brand
NetEase (163.com)
Country
China
Confidence
100%
HTTP Status
200
Report ID
d2a19e9d-f7a…
Analyzed
2026-01-19 23:43
Final URL (after redirects)
http://126qiyeyou.com/login/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T11133DE312D980EBB03FB52CE7A54EF3B60C3BA69C3154D898AF8499D1E4CDE1AD90157
CONTENT ssdeep
768:NG/9qACeoYjJU/gULbNcTW+wFACeSOFm44m/s:kEAF/ULbiwFAF4K/s

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9a1be77ae1659812
VISUAL aHash
00000c028f9fffff
VISUAL dHash
42383816393c64cd
VISUAL wHash
00000c0a8fdfffff
VISUAL colorHash
06007000000
VISUAL cropResistant
42383816393c64cd

Code Analysis

Risk Score 100/100
Threat Level BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: No immediate threat detected; likely a legitimate enterprise login page.
• Target: NetEase enterprise email users.
• Method: QR code login method, potential for credential harvesting if on compromised domain.
• Exfil: Unknown, but potential for data exfiltration if malicious.
• Indicators: Domain age is high, but slight domain deviation and presence of Javascript form submission could be suspicious.
• Risk: LOW - While there's a form, the domain age reduces the phishing risk.

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • eval
  • fromCharCode
  • unescape
  • document.write
  • hex_escape
  • unicode_escape
  • js_packer
  • base64_strings

🎯 Kit Endpoints

  • https://open.qiye.163.com/advconfig/getAdvConfig?type=login&callback=jsonp_1jb7puw4yku6bnn
  • https://entry.qiye.163.com/domain/domainEntLogin
  • https://entryhz.qiye.163.com/login/action/getCtCodes?callback=jsonp_5g50wtr0z8p5heh
  • https://entry.qiye.163.com/domain/domainAdminLogin
  • https://ss.knet.cn/verifyseal.dll?sn=e12051044010020841301459&ct=df&pa=151131
  • //qiye.163.com/entry/buy-price.htm?from=login_pc

📡 API Calls Detected

  • GET
  • //office.163.com/
  • get
  • POST

📤 Form Action Targets

  • https://entry.qiye.163.com/domain/domainAdminLogin
  • https://entry.qiye.163.com/domain/domainEntLogin

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/5a9b729ca0bf.png
Jun 10, 2026
 Screenshot
NetEase (网易)
https://www.qiyeyou126.cn/login/
Mar 19, 2026
 Screenshot
NetEase (网易)
https://www.qiyeyou126.cn/login
Mar 17, 2026
 Screenshot
NetEase
http://qiyeyou126.cn/login
Jan 20, 2026
 Screenshot
NetEase
http://qiyeyou126.cn/login
Dec 25, 2025

Scan History for 126qiyeyou.com

Found 2 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.