Phishing | flow-ballet.my #1259

Closed
@Igor4er

Description

What are the subjects of the phishing (domains, URLs or IPs)?

https://flow-ballet.my/

What are the impersonated domains?

telegram.org (login page)

Where or how did you discover this phishing?

I discovered this phishing through one of my friends receiving this link in the DMs.

Do you have a screenshot?

(Sorry for the hidden URL; these are screenshots I made for friends to warn them, and I didn't want them to go to that website.)

Image

Image

Related external source

I also reported it everywhere I could, like Google Safe Browsing, Microsoft forgot this thing. I also reported it to Cloudflare and Dynadot.
But at this time none of the resources above has marked this domain as dangerous.

Additional Information or Context

There are two buttons on the main page; after clicking either of them, the website impersonates Telegram and shows a QR code. If you scan it from your phone, your account gets stolen.

Also, more on the discovery: one of the contacts DMed my friend with a proposal to vote in a competition, and when he went to this website he clicked a button, then saw a Telegram login. Fortunately he was too lazy to log in to Telegram, and that saved him. There are a lot of people who would fall for it. The contact of my friend that sent this to him was deleted from Telegram completely the next day (probably Telegram's internal measures to prevent things like this).

I don't have the capability to check what will happen if you actually scan this QR code, but probably shortly after, all other sessions except the scammer's sessions will be terminated, and the same message with the proposal to vote will be sent to all of the contacts. Additionally, scammers will be able to read all your messages, and if you store something critical in Telegram's "Saved", it could be very dangerous depending on the scammer's desire to scam you further.
