Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://invitetracker.work
Detected Brand
Telegram
Country
International
Confidence
95%
HTTP Status
200
Report ID
9851dedf-d2eā¦
Analyzed
2026-05-18 06:54
Final URL (after redirects)
https://t.me/+v2TFbWGW-AFkYTJh
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15A02F8935330885D17EBC0669F57F059A202D0DBF6B92E5096DA9A6FC4C3DF0F823A12 |
|
CONTENT
ssdeep
|
192:I75i375iWYUGYlSqugxuOoRnigni6U3qV0OKPGo75iKB:It0tfYCNVVoPOqVbentJ |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c9cc4e3f3e1c9c1 |
|
VISUAL
aHash
|
3f1f1f0300e0f0f0 |
|
VISUAL
dHash
|
fab3b2ba8e808000 |
|
VISUAL
wHash
|
7f1f1f0b00e0f0f8 |
|
VISUAL
colorHash
|
06198000000 |
|
VISUAL
cropResistant
|
fab3b2ba8e808000 |
Code Analysis
Threat Level
ALTO
ā ļø Phishing Confirmed
š¬ Threat Analysis Report
ā¢ Threat: Phishing / Brand Impersonation
ā¢ Target: Telegram Users
ā¢ Method: Redirecting users to a fake Telegram channel landing page
ā¢ Exfil: Potential credential harvest or malware distribution via 'Download' button
ā¢ Indicators: Domain mismatch, recent registration
ā¢ Risk: High
š Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Recent Domain
Domain is 5 days old
Impersonation
Domain does not match target brand
š¬ Comprehensive Threat Analysis
Threat Type
Telegram Phishing Landing Page
Target
Telegram users (International)
Attack Method
Brand impersonation
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
š¢ Brand Impersonation Analysis
Impersonated Brand
Telegram
Official Website
https://telegram.org
Fake Service
Telegram Channel Access
Fraudulent Claims
āļø Attack Methodology
Primary Method: Brand Impersonation
The site clones the Telegram interface to build trust.
Secondary Method: Malicious Redirect/Download
The 'DOWNLOAD' and 'JOIN CHANNEL' buttons are likely used to distribute malware or trigger unwanted redirects.
š Infrastructure Indicators of Compromise
Domain Information
Domain
invitetracker.work
Registered
2026-05-12
Registrar
Unknown
Status
Active
š¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Telegram
https://closefri.top/
Jun 25, 2026
Unknown
https://cdn.gosafemode.com/screenshots/f01acf8e0037.png
May 20, 2026
Unknown
https://cdn.gosafemode.com/screenshots/aa7711e74588.png
May 18, 2026
Telegram
http://invitetrackerr.xyz
May 18, 2026
Telegram
https://p1.polidarsite.com/5kV1swTkGq
Apr 23, 2026
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.