account-tiktok.rf.gd
185.27.134.150
Malicious Activity!
Public Scan
Effective URL: http://account-tiktok.rf.gd/login/phone-or-email/phone/?i=1
Submission: On January 04 via manual from AU — Scanned from GB
Summary
This is the only time account-tiktok.rf.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TikTok (Social Network)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | Reverse DNS (PTR) | Domain
---|---|---|---|---
4 | 185.27.134.150 | AS34119 WILDCARD-AS (Wildcard UK Limited, GB) | | account-tiktok.rf.gd
6 | 2.16.186.27 | AS20940 AKAMAI-ASN1 (NL) | a2-16-186-27.deploy.static.akamaitechnologies.com | s16.tiktokcdn.com
6 | 2.16.186.41 | AS20940 AKAMAI-ASN1 (NL) | a2-16-186-41.deploy.static.akamaitechnologies.com | sf16-scmcdn-va.ibytedtos.com
16 | 4 | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | ibytedtos.com | sf16-scmcdn-va.ibytedtos.com | 8 KB
6 | tiktokcdn.com | s16.tiktokcdn.com | 523 KB
4 | rf.gd | account-tiktok.rf.gd | 89 KB
16 | 3 | |
Requests | Domain | Requested by
---|---|---
6 | sf16-scmcdn-va.ibytedtos.com | account-tiktok.rf.gd
6 | s16.tiktokcdn.com | account-tiktok.rf.gd
4 | account-tiktok.rf.gd | account-tiktok.rf.gd
16 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.tiktok.com |
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.tiktokcdn.com | RapidSSL RSA CA 2018 | 2020-06-11 to 2022-06-12 | 2 years | crt.sh
*.ibytedtos.com | RapidSSL RSA CA 2018 | 2020-02-07 to 2022-04-07 | 2 years | crt.sh
Only the two CDN hosts present certificates. The phishing page itself is fetched over plain HTTP (see the Effective URL), so there is no certificate for account-tiktok.rf.gd to inspect; the valid RapidSSL certificates belong to the hotlinked TikTok assets, not to the page that embeds them.
This page contains 1 frames:
Primary Page:
http://account-tiktok.rf.gd/login/phone-or-email/phone/?i=1
Frame ID: 840EEE3130A30290841768366D916523
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Log in with phone or email | TikTok
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Feedback and help
- Sign up
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://account-tiktok.rf.gd/login/phone-or-email/phone/ Page URL
- http://account-tiktok.rf.gd/login/phone-or-email/phone/?i=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | account-tiktok.rf.gd/login/phone-or-email/phone/ | 858 B | 847 B | Document | text/html
GET | H/1.1 | aes.js | account-tiktok.rf.gd/ | 30 KB | 31 KB | Script | application/javascript
GET | H/1.1 | / (Primary Request) | account-tiktok.rf.gd/login/phone-or-email/phone/ | 167 KB | 34 KB | Document | text/html
GET | H/1.1 | loading.gif | account-tiktok.rf.gd/login/phone-or-email/ | 23 KB | 23 KB | Image | image/gif
GET | H2 | sofiapro-bold.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 163 KB | 91 KB | Font | font/otf
GET | H2 | sofiapro-medium.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 161 KB | 89 KB | Font | font/otf
GET | H2 | sofiapro-regular.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 155 KB | 86 KB | Font | font/otf
GET | H2 | help.a708bf24.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 824 B | 1 KB | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | H2 | openSelector.3e786e4d.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 357 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | error.d9f0b771.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 753 B | 2 KB | Image | image/svg+xml
GET | H2 | search.73141555.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 578 B | 1 KB | Image | image/svg+xml
GET | H2 | back_bold.9a9bc698.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 610 B | 1 KB | Image | image/svg+xml
GET | H2 | arrow.f377b007.svg | sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/ | 306 B | 1 KB | Image | image/svg+xml
GET | H2 | proxima-nova-regular.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 134 KB | 85 KB | Font | font/otf
GET | H2 | proxima-nova-bold.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 138 KB | 87 KB | Font | font/otf
GET | H2 | proxima-nova-semibold.otf | s16.tiktokcdn.com/musical/resource/mtact/static/fonts/ | 135 KB | 85 KB | Font | font/otf
The same path is fetched twice as a Document: first an 858 B stub together with aes.js, then, after the client-side redirect to ?i=1, the 167 KB login page (34 KB on the wire). Together with the __test cookie listed below this is consistent with the JavaScript cookie challenge the free host places in front of its sites, so a non-JS fetcher such as curl receives only the stub; pull the kit with a JS-capable client or replay the cookie it sets. Every font and icon is loaded from TikTok's own CDN, which is why the page looks authentic while the document itself lives on account-tiktok.rf.gd.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: TikTok (Social Network)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function setnum
- function windownumber
- function checkpole
- function checknum
- function sendcode
- function checknumber
- function check1
These are not a framework's globals; names like sendcode, checknumber and checknum read as the kit's own handlers for phone-number and verification-code entry, which makes them a useful fingerprint when hunting for other copies of the same kit.
Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored values back, so the site can re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
account-tiktok.rf.gd/ | | __test | cca50cf193213a9b73d664d99dcf0dee
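The request graph above (every third-party request "Requested by" account-tiktok.rf.gd, all of it to TikTok's CDN), the two document fetches around aes.js and the __test cookie are the signals an analyst reads off a scan like this one. The script below, added here as an example and not urlscan.io's own scoring logic, re-types a few rows of the transaction table as constructed input and turns those signals into a reasoned verdict. The BRAND_DOMAINS and SHARED_SUFFIXES tables and the https scheme on the H2 hosts are assumptions for the demo; the registrable() helper also shows why rf.gd must not be treated as the apex to block.

```python
"""Brand-impersonation triage over a urlscan-style request list.

Added example, not urlscan.io's own logic. REQUESTS is re-typed from this
report's transaction table (a few representative rows, https assumed for the
H2 hosts); BRAND_DOMAINS and SHARED_SUFFIXES are assumptions for the demo.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed from the report: (url, urlscan resource type, decoded size in bytes).
REQUESTS = [
    ("http://account-tiktok.rf.gd/login/phone-or-email/phone/", "Document", 858),
    ("http://account-tiktok.rf.gd/aes.js", "Script", 30 * 1024),
    ("http://account-tiktok.rf.gd/login/phone-or-email/phone/?i=1", "Document", 167 * 1024),
    ("http://account-tiktok.rf.gd/login/phone-or-email/loading.gif", "Image", 23 * 1024),
    ("https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/sofiapro-bold.otf", "Font", 163 * 1024),
    ("https://s16.tiktokcdn.com/musical/resource/mtact/static/fonts/proxima-nova-bold.otf", "Font", 138 * 1024),
    ("https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/help.a708bf24.svg", "Image", 824),
    ("https://sf16-scmcdn-va.ibytedtos.com/goofy/ies/tiktok_webapp_login/svgs/arrow.f377b007.svg", "Image", 306),
    ("data:image/png;base64,truncated", "Image", 2 * 1024),  # inline image, no host
]

# Assumed: domains each brand legitimately serves its web app and assets from.
BRAND_DOMAINS = {"tiktok": {"tiktok.com", "tiktokcdn.com", "ibytedtos.com"}}
# Assumed: shared free-hosting suffixes under which the tenant owns one more label.
SHARED_SUFFIXES = {"rf.gd"}


def registrable(host):
    """Tenant-owned domain for a hostname.

    Last-two-labels rule, except under a shared hosting suffix, where the
    tenant is one label deeper: account-tiktok.rf.gd stays account-tiktok.rf.gd
    rather than collapsing to rf.gd (which would block every tenant). Use the
    Public Suffix List in production; this table is a stand-in.
    """
    labels = host.lower().rstrip(".").split(".")
    for depth in (2, 3):
        if depth <= len(labels) and ".".join(labels[-depth:]) in SHARED_SUFFIXES:
            return ".".join(labels[-(depth + 1):])
    return ".".join(labels[-2:])


def triage(requests):
    """Return the primary host, its registrable domain and the reasons it looks like brand phishing."""
    docs = [r for r in requests if r[1] == "Document"]
    primary_host = urlsplit(docs[-1][0]).hostname  # the last Document is the page the user sees
    primary_reg = registrable(primary_host)
    reasons = []

    # 1. Brand keyword in the hostname while the domain is not one the brand owns.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in primary_host and primary_reg not in domains:
            reasons.append(f"brand keyword '{brand}' in {primary_host}, outside {brand}'s domains")

    # 2. Page served from a shared free-hosting suffix.
    if any(primary_host.endswith("." + s) for s in SHARED_SUFFIXES):
        reasons.append(f"served from shared free hosting ({primary_reg})")

    # 3. Fonts and icons hotlinked from the impersonated brand's own CDN.
    third_party = {}
    for url, _, _ in requests:
        host = urlsplit(url).hostname  # None for data: URIs
        if host and registrable(host) != primary_reg:
            third_party[host] = third_party.get(host, 0) + 1
    for brand, domains in BRAND_DOMAINS.items():
        hot = {h: n for h, n in third_party.items() if registrable(h) in domains}
        if hot:
            reasons.append(f"{sum(hot.values())} assets hotlinked from {brand}'s CDN: {', '.join(sorted(hot))}")

    # 4. Hosting-provider JS cookie challenge: tiny stub document, aes.js, then the
    #    same path reloaded with ?i=1. A non-JS fetcher only ever sees the stub.
    stub_url, _, stub_size = docs[0]
    stub_path = urlsplit(stub_url).path
    has_aes = any(urlsplit(u).path.endswith("/aes.js") for u, kind, _ in requests if kind == "Script")
    reloaded = any(urlsplit(u).path == stub_path and "i" in parse_qs(urlsplit(u).query) for u, _, _ in docs[1:])
    if stub_size < 2048 and has_aes and reloaded:
        reasons.append("JS cookie challenge precedes the real page; fetch with a JS-capable client")

    return {"primary": primary_host, "registrable": primary_reg, "reasons": reasons, "score": len(reasons)}


if __name__ == "__main__":
    result = triage(REQUESTS)
    print(f"{result['primary']} ({result['registrable']}): score {result['score']}")
    for reason in result["reasons"]:
        print(" -", reason)
```

Each reason is a separate, explainable signal rather than a single opaque score, so a reviewer can see which observation drove the verdict. Swap the two assumed tables for a maintained brand list and the Public Suffix List before using this on real scan exports.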
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account-tiktok.rf.gd
s16.tiktokcdn.com
sf16-scmcdn-va.ibytedtos.com
185.27.134.150
2.16.186.27
2.16.186.41
Handle these in three groups. account-tiktok.rf.gd is the phishing host, but rf.gd is a shared free-hosting suffix and 185.27.134.150 belongs to that shared host, so block or report the full hostname rather than the apex or the IP alone. The two CDN hostnames and the two Akamai addresses are TikTok's own infrastructure, hotlinked by the kit for fonts and icons; they must not be blocked and are useful only for correlation.