A few months ago I received a phishing attempt in a Telegram message where they promised you untold riches if you'd just take part in their drawing, and to do that you were supposed to "log into Telegram" on a clone of the original web client hosted on a third-party site that was hidden behind Cloudflare. The best I could do was to use that form to send them a bunch of "fuck you"s instead of SMS confirmation codes, because Cloudflare completely ignored my reports -- there was no feedback, nothing, and the site was still up at least a month later.