top-poll.ru
Open in
urlscan Pro
2606:4700:3033::6815:27b2
Malicious Activity!
Public Scan
Submission: On August 01 via api from RU — Scanned from DE
Summary
TLS certificate: Issued by WE1 on July 24th 2024. Valid for: 3 months.
This is the only time top-poll.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3033::6815:27b2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 172.67.171.40 172.67.171.40 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
24 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
top-poll.ru
top-poll.ru |
234 KB |
24 | 1 |
Domain | Requested by | |
---|---|---|
19 | top-poll.ru |
top-poll.ru
|
24 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
top-poll.ru WE1 |
2024-07-24 - 2024-10-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://top-poll.ru/choice
Frame ID: B265D1C8DCA118073F246C29151653AE
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
WebPage URL History Show full URLs
- https://top-poll.ru/choice Page URL
- https://top-poll.ru/choice Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://top-poll.ru/choice Page URL
- https://top-poll.ru/choice Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
choice
top-poll.ru/ |
13 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-IM4r3mAp.js
top-poll.ru/auth/ |
128 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-a3UEjh-7.css
top-poll.ru/auth/ |
439 KB 78 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
choice
top-poll.ru/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-IM4r3mAp.js
top-poll.ru/auth/ |
128 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-a3UEjh-7.css
top-poll.ru/auth/ |
439 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-Rm3ML71B.js
top-poll.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-9wi-02Dm.js
top-poll.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
369 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto.worker-9wi-02Dm.js
top-poll.ru/auth/ |
67 KB 24 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 B 59 B |
Image
image/jxl |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
311 B 0 |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
top-poll.ru/auth/assets/img/ |
15 KB 4 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
lang-zHzLTv6f.js
top-poll.ru/auth/ |
114 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
langSign-lcKrqmwM.js
top-poll.ru/auth/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
countries-lRU-UavE.js
top-poll.ru/auth/ |
24 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pageSignQR-wFNzb3dq.js
top-poll.ru/auth/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
page-uK-17Jvd.js
top-poll.ru/auth/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
button-6kGlNwSB.js
top-poll.ru/auth/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
putPreloader-Y9T8sjKk.js
top-poll.ru/auth/ |
699 B 941 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
textToSvgURL-Z4O-nL1S.js
top-poll.ru/auth/ |
357 B 751 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cc334f2c-99d5-4580-976c-be5c9fbcf9f8
https://top-poll.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
ddf4f7a1-c4e9-48b8-a449-089ff145b96f
https://top-poll.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
53282832-ea62-455b-ae86-20c4093b0346
https://top-poll.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qr-code-styling-ogpV7fl-.js
top-poll.ru/auth/ |
65 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
_commonjsHelpers-5-cIlDoe.js
top-poll.ru/auth/ |
290 B 700 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_padded.svg
top-poll.ru/auth/assets/img/ |
1 KB 1 KB |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- top-poll.ru
- URL
- https://top-poll.ru/auth/mtproto.worker-Rm3ML71B.js
- Domain
- top-poll.ru
- URL
- https://top-poll.ru/auth/crypto.worker-9wi-02Dm.js
- Domain
- top-poll.ru
- URL
- blob:https://top-poll.ru/cc334f2c-99d5-4580-976c-be5c9fbcf9f8
- Domain
- top-poll.ru
- URL
- blob:https://top-poll.ru/ddf4f7a1-c4e9-48b8-a449-089ff145b96f
- Domain
- top-poll.ru
- URL
- blob:https://top-poll.ru/53282832-ea62-455b-ae86-20c4093b0346
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates function| dispatchHeavyAnimationEvent object| pagesManager object| sequentialDom function| putPreloader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
top-poll.ru/ | Name: PHPSESSID Value: 87e94a1c5f177c1ff256bad0689b232e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
top-poll.ru
top-poll.ru
172.67.171.40
2606:4700:3033::6815:27b2
007af3de51039bb8ac02fc9c925cb2016e29eda735597874330897739cb43dcf
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
1139ab37f623ada2efe662fb8ee99946e43499a134eed788ba2499ed886b6e0c
21dac0676b40bd0ba0111de45f8e13195c5e845c15660bf83a8685c65288959a
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd
4cb05f947d8a726c1df28c678af0bf7125c0f1da07c8212cac48f6f41fb5c262
6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2
900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79
a0e130d88e426893910311f17d3611085f2e09c7d862053de49b2bde6a5768b4
a8c5a40a91ba662d6bf6b37b1535d8e9be91ade19d3f1cb8c9ed30c5a53117fb
a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483
dd95a00f562a5a6c6f0ea4425044e6e13f134506ce052cdd360aa6203fe87dd3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebc5b09fbc7df9f7c09009dccf79419fa2c2e5e64b3dca84c5a5e3ea6d717439
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4
fb6e041e9d8a9a2130ae65bb0bcba9d8f945e93079c5aea79fbbf8a86370cc48