← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
[FDC] Telegram Account Hijacking via Fake Voting Phishing Campaign
WHITE afokin52 2026-05-11 Modified: 2026-05-11
15
IOCs
MEDIUM VOLUME
FDC Threat Intelligence public report (2026-03-14). TLP:CLEAR. Full report: https://github.com/freedatacenter/threat-intelligence/blob/main/reports/2026-03-14-telegram-vote-phishing/Incident_Report_2026-03-14_EN.pdf
phishingaccount-takeovertelegramphaasMITRE T1566.002MITRE T1204.001MITRE T1036.005MITRE T1027MITRE T1539MITRE T1056.003MITRE T1556MITRE T1583.001MITRE T1583.003MITRE T1588.002MITRE T1608.002MITRE T1550.004MITRE T1589.001MITRE T1070.004MITRE T1213
Indicators of Compromise (15)
All domain IPv4 email URL
TYPEINDICATORDESCRIPTIONCREATED
domain beaminkjet.com Primary phishing domain 2026-05-11
IPv4 77.83.39.62 Pitline Ltd, Kharkiv, UA (Censys BULLETPROOF 0.75) 2026-05-11
email syimono1488@gmail.com WHOIS registrant email 2026-05-11
URL https://beaminkjet.com/umarashab Phishing entry URL 2026-05-11
domain vybory.cyou Co-located phishing domain (elections theme) 2026-05-11
domain vybory.bond Co-located phishing domain (elections theme) 2026-05-11
domain vybory.sbs Co-located phishing domain (elections theme) 2026-05-11
domain vybory.cfd Co-located phishing domain (elections theme) 2026-05-11
domain vesna2026.cyou Co-located phishing domain 2026-05-11
domain vesna2026.cfd Co-located phishing domain 2026-05-11
domain vesna2026.sbs Co-located phishing domain 2026-05-11
domain onetop.sbs Co-located phishing domain 2026-05-11
domain onetop.cfd Co-located phishing domain 2026-05-11
domain onetop.bond Co-located phishing domain 2026-05-11
domain onetop.click Co-located phishing domain 2026-05-11
References (1)
↗ https://github.com/freedatacenter/threat-intelligence/blob/main/reports/2026-03-14-telegram-vote-phishing/Incident_Report_2026-03-14_EN.pdf