Target App: Threads In-App Browser
Vulnerability: URL Truncation / UI Spoofing
If you are seeing this page, the in-app browser has failed to display the true origin domain (eTLD+1) due to URL padding.
True Origin:
Note for Triage: A malicious actor could easily replace this container with a perfect clone of a Google login page to harvest credentials.