# telegram.autentifikator.ru — SUSPICIOUS

> PhishDestroy identifies telegram.autentifikator.ru as a fake Telegram credential stealer. Check the full report.

## Summary

PhishDestroy identifies the domain **telegram.autentifikator.ru** as a newly active phishing site mimicking the Telegram authentication portal, operating under the threat type *generic_phishing*. This domain exploits brand confusion with the globally recognized messaging platform to deceive users into entering credentials. While no advanced drainer kit was detected during initial analysis, the page likely serves as a credential harvesting front-end, potentially redirecting stolen data to a backend collection server. The domain was registered through REGRU-RU and deployed with a Let’s Encrypt SSL certificate, which may mislead users into believing it is legitimate. Given the timing of its creation (March 19, 2026) and the absence of known takedowns, this site represents a rapidly emerging threat to Telegram users seeking authentication services.

This domain exhibits several technical indicators that warrant heightened scrutiny. VirusTotal currently shows a detection score of **0/95**, indicating no antivirus or security vendor has flagged it as malicious—likely due to its recent deployment. It resolves to IP **141.98.190.101**, a hosting infrastructure with no established reputation in public blocklists. The domain was registered through **REGRU-RU**, a Russian registrar known for accommodating high-risk registrations. No entry was found in Google Safe Browsing (GSB) at the time of assessment, and current blocklist counts remain zero across major threat intelligence feeds. While the lack of detections does not confirm safety, it exposes a critical detection gap that attackers are exploiting during this early lifecycle stage.

As of this assessment, the domain remains **active** and under investigation. PhishDestroy has flagged this site with a risk status of *under_investigation*, acknowledging that while initial indicators are concerning, further behavioral analysis is required. No known takedown or response action has been initiated by hosting providers or law enforcement. The remaining risk is assessed as **high** due to the domain’s recent activation, lack of detection coverage, and targeting of a major platform—Telegram—making it likely to attract unsuspecting users. Users should refrain from visiting or interacting with this domain. If you have accessed this site, immediately change your Telegram password, enable two-factor authentication, and scan your device for malware. Organizations are urged to monitor for access to this domain via DNS logs, browser history, or proxy alerts. This domain may evolve into a more sophisticated phishing campaign or be rebranded under similar domains as it ages.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-19 04:32:16
- Registrar: REGRU-RU
- IP: 141.98.190.101

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/dbf35277-0484-4070-81ab-e8e995bfcb57
- PhishDestroy: https://phishdestroy.io/domain/telegram.autentifikator.ru/
- LLM endpoint: https://phishdestroy.io/domain/telegram.autentifikator.ru/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/telegram.autentifikator.ru/

Last updated: 2026-03-24