urlscan.io logo urlscan.io
SecurityTrails logo

www.tiktok.com Open in urlscan Pro
23.193.116.203  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-...
Submission: On November 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 23 HTTP transactions. The main IP is 23.193.116.203, located in Hamburg, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.tiktok.com. The Cisco Umbrella rank of the primary domain is 4355.
TLS certificate: Issued by RapidSSL TLS ECC CA G1 on November 11th 2024. Valid for: a year.
This is the only time www.tiktok.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 23.193.116.203 20940 (AKAMAI-ASN1)
4 23.50.131.68 20940 (AKAMAI-ASN1)
23 3
Apex Domain
Subdomains		 Transfer
4 ttwstatic.com
sf16-website-login.neutral.ttwstatic.com — Cisco Umbrella Rank: 7191
45 KB
1 tiktok.com
www.tiktok.com — Cisco Umbrella Rank: 4355
59 KB
23 2
Domain Requested by
4 sf16-website-login.neutral.ttwstatic.com www.tiktok.com
sf16-website-login.neutral.ttwstatic.com
1 www.tiktok.com
23 2

This site contains no links.

Subject Issuer Validity Valid
*.www.tiktok.com
RapidSSL TLS ECC CA G1		 2024-11-11 -
2025-11-10		 a year crt.sh
*.neutral.ttwstatic.com
RapidSSL TLS RSA CA G1		 2024-07-02 -
2025-07-01		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Frame ID: 360FF39BAE42F7EFA8E4F0275AB8267C
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

TikTok - Make Your Day

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

23
Requests

22 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

104 kB
Transfer

355 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request %D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
www.tiktok.com/discover/ 		203 KB
59 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.193.116.203 Hamburg, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-193-116-203.deploy.static.akamaitechnologies.com
Software
TLB / Goofy Node
Resource Hash
7fd9f4e61c80dbc53c02b0aee5765ae9601e49a4442dda640db6d2c769aa9cea
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=482c3ff4-a766-4e0e-aa09-72298aef70dc&scene=1; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsco.re *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.co.cr *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.br *.google.com.cy *.google.com.do *.google.com.ec *.google.com.gh *.google.com.lb *.google.com.mt *.google.com.my *.google.com.ng *.google.com.pe *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.lt *.google.lu *.google.lv *.google.md *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.td *.google.tn *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
br
content-security-policy
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=482c3ff4-a766-4e0e-aa09-72298aef70dc&scene=1; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsco.re *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.co.cr *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.br *.google.com.cy *.google.com.do *.google.com.ec *.google.com.gh *.google.com.lb *.google.com.mt *.google.com.my *.google.com.ng *.google.com.pe *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.lt *.google.lu *.google.lv *.google.md *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.td *.google.tn *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-to csp-endpoint
content-security-policy-report-only
report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=482c3ff4-a766-4e0e-aa09-72298aef70dc&scene=1;report-to csp-endpoint;script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com interactives.ap.org js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.tiktokcdn-eu.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com sf16m-website-login.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com;worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js
content-type
text/html; charset=utf-8
date
Tue, 12 Nov 2024 09:12:54 GMT
expires
Tue, 12 Nov 2024 09:12:54 GMT
feature-policy
microphone 'none'; geolocation 'none'
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
reporting-endpoints
csp-endpoint="https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns"
server
TLB
server-timing
cdn-cache; desc=MISS, edge; dur=262, origin; dur=142 inner; dur=139
strict-transport-security
max-age=31536000; includeSubdomains
x-akamai-request-id
3c1224d9.429533c
x-bytefaas-execution-duration
136.90
x-bytefaas-request-id
20241112091252B4438EF8AC88D30EDA14
x-cache
TCP_MISS from a23-193-116-205.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
x-cache-remote
TCP_MISS from a23-55-100-201.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-gw-dst-psm
serverless.tiktok.desktop
x-ms-token
6Smlbj_GOmCJRADYl2AmvmfBymtRO-qZxOD1OGiJUmFMDWMogxrgAY8sjvsAQKdnqb7i-DnQ08mN58IE-vzoKHWueF7oO9FknxgZSxBQx5Pj1Q2URSgJ6xhy4qFP
x-origin-response-time
142,23.55.100.201
x-parent-response-time
404,23.193.116.205
x-powered-by
Goofy Node
x-pumbaa-web-avail
1
x-tt-logid
20241112091252B4438EF8AC88D30EDA14
x-tt-trace-host
01d9080a2d25d242f218926392faff9e6dd9e4eb0700d9961e98309983a87c5daf388238caf57b120f0e8ed23c5f454aece7720603be09e779caf4767e9d92b33b6268336cce822b12528b48400ab6f7a7645a161b0f684b726b2b8d0fd9f5f73e2271f5ec52e15713336202ff3dc296b0
x-tt-trace-id
00-241112091252B4438EF8AC88D30EDA14-181190D9055C6173-00
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-xss-protection
1; mode=block
slardar.web.pre.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok-infra/csp/sdk-pre/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok-infra/csp/sdk-pre/slardar.web.pre.js
Requested by
Host: www.tiktok.com
URL: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.131.68 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-50-131-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bd113bf16c8248ed5f35534237857f87f43acdc099257ec1a7f2656f05011b63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.tiktok.com/

Response headers

content-md5
P5/hYxgBxxHLk5gY8cMwoA==
access-control-expose-headers
accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,strict-transport-security,version-id,x-api-id,x-content-type-options
content-encoding
br
etag
408a9afc-eea2-4df0-ab53-9c7a82e51500
x-check-cacheable
YES
x-content-type-options
nosniff
access-control-allow-methods
POST,PUT,GET,HEAD,DELETE,OPTIONS
x-api-id
native
expires
Thu, 12 Dec 2024 09:12:54 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
x-cache
TCP_HIT from a23-41-167-24.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
date
Tue, 12 Nov 2024 09:12:54 GMT
last-modified
Mon, 20 May 2024 17:43:27 GMT
content-type
application/javascript
vary
Accept-Encoding
x-akamai-request-id
501c585
opc-request-id
iad-1:fIoLmEzMghSCm7tQ7WuKUklaiGarDbuE4PqxmSkScCqJ2mOrtUkjs232yXSY5G3x
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=2592000
timing-allow-origin
*
storage-tier
Standard
version-id
16e74246-a112-4158-b499-037f9f2da965
access-control-allow-credentials
true
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
678
index.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.828/ 		78 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.828/index.js
Requested by
Host: www.tiktok.com
URL: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.131.68 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-50-131-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f4ed02895f105bf2e65d981311c26f60cf2d9de1f38a65429ac380454606e82f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.tiktok.com
Referer
https://www.tiktok.com/

Response headers

content-md5
rv5ftRHB2Eq/eE/M/dfmoA==
access-control-expose-headers
accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,strict-transport-security,version-id,x-api-id,x-content-type-options
content-encoding
br
etag
17a9991a-65c8-416a-b380-31c50b57fae0
x-check-cacheable
YES
x-content-type-options
nosniff
access-control-allow-methods
POST,PUT,GET,HEAD,DELETE,OPTIONS
x-api-id
native
expires
Thu, 12 Dec 2024 09:12:54 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=0
x-cache
TCP_MEM_HIT from a23-41-167-24.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
date
Tue, 12 Nov 2024 09:12:54 GMT
last-modified
Tue, 08 Oct 2024 08:27:27 GMT
content-type
application/javascript
vary
Accept-Encoding
x-akamai-request-id
501c5c7
opc-request-id
iad-1:WA0DV3QPEf4VwA9yerUpprj5CJgIdDKQlpBryx6rFlKHHymrGOkXdEhnxo6A0F8j
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=2592000
timing-allow-origin
*
storage-tier
Standard
version-id
4c46fb3a-9c33-427b-8c3c-2b090db0833e
access-control-allow-credentials
true
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
20146
runtime.6b3b7f8dbe56c8a58275.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-byted-tiktok-icons.3ccee5f4fe5a186bfb1b.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-rxjs.6ec4b58d87c28c3ebb5c.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
crypto-js.07060a9aa9c45c349d97.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-xgplayer.ab00b64b39ae3017476c.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-react.d81b03eae0eede3b95ac.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
tux-h5-icons.a30a685cc009644274a6.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-xg-helper.1731ab49b2fefb076dda.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-sigi.daa65d6a2a032fe7d1b2.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-async-focus-lock.7b0cc27de2564f1a2a82.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-lottie.cb3fdc850e41a2c46f7a.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-dp-byted-tea-sdk-oversea.9ab187d0e75cca16e8f5.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-byted-web-privacy-sdk.6671849aa3f85a7591d4.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-596046b7.d2aefd0d70729593139d.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-596046b7.d2aefd0d70729593139d.js
Requested by
Host: www.tiktok.com
URL: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.131.68 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-50-131-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7655b2221a2286409a83b7ebc7783377f9ffa01a8a6d409e15529e20b83e1b95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.tiktok.com/

Response headers

content-md5
GPBaLFISKBYtE6O6hz1hPQ==
access-control-expose-headers
accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,strict-transport-security,version-id,x-api-id,x-content-type-options
content-encoding
br
etag
e76b5aa9-a2e2-46a1-ae70-c3dbd8af8bc9
x-check-cacheable
YES
x-content-type-options
nosniff
access-control-allow-methods
POST,PUT,GET,HEAD,DELETE,OPTIONS
x-api-id
native
expires
Thu, 12 Dec 2024 09:12:54 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=0
x-cache
TCP_MEM_HIT from a23-41-167-24.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
date
Tue, 12 Nov 2024 09:12:54 GMT
last-modified
Sat, 26 Oct 2024 05:19:50 GMT
content-type
application/javascript
vary
Accept-Encoding
x-akamai-request-id
501c582
opc-request-id
iad-1:8bg4W899n8yyNnlQAiu0ReVG-b2d6sZ1K7LHXNnnU7A_dTkCG5Xa4sIUv_qTGpHc
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=2592000
timing-allow-origin
*
storage-tier
Standard
version-id
290b2e19-38b6-4a96-b8db-929cf9c9efe2
access-control-allow-credentials
true
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
11823
npm-d801507b.f534ab469a3d684a11fd.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
npm-74d9c565.74d5b7c34c7fee6f54fc.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-74d9c565.74d5b7c34c7fee6f54fc.js
Requested by
Host: www.tiktok.com
URL: https://www.tiktok.com/discover/%D0%BB%D0%B5%D0%B1%D0%B5%D0%B4%D0%B5%D0%B2-%D0%BF%D1%80%D0%BE-%D0%BC%D0%B5%D0%BC%D1%8B-%D1%81-%D0%BD%D0%B8%D0%BC
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.131.68 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-50-131-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b4e1bb6533c64cf239138208dd6aff72c1c2f789606e2ba126d875233dad1959
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.tiktok.com/

Response headers

content-md5
cs4rqiJcPKl5lkBA0f5bMQ==
access-control-expose-headers
accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,strict-transport-security,version-id,x-api-id,x-content-type-options
content-encoding
br
etag
3922c7c0-6947-4900-8b15-69319811ced9
x-check-cacheable
YES
x-content-type-options
nosniff
access-control-allow-methods
POST,PUT,GET,HEAD,DELETE,OPTIONS
x-api-id
native
expires
Thu, 12 Dec 2024 09:12:54 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=0
x-cache
TCP_MEM_HIT from a23-41-167-24.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-02978ab5588da6405be9084889a03f78) (-)
date
Tue, 12 Nov 2024 09:12:54 GMT
last-modified
Wed, 30 Oct 2024 02:27:27 GMT
content-type
application/javascript
vary
Accept-Encoding
x-akamai-request-id
501c57f
opc-request-id
iad-1:1A9h3_P9adKzMYlXY3aohF1MHz_zYoFed8QL7wXlfMqMUfG9VLp0e99_a-GYpsGr
strict-transport-security
max-age=31536000; includeSubDomains
x-origin-response-time
703,23.193.181.5
cache-control
max-age=2592000
timing-allow-origin
*
storage-tier
Standard
version-id
bbbf0492-ec63-43d0-9f86-6285b4591446
access-control-allow-credentials
true
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
9460
vendor.312338022820afc06868.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
webapp-desktop.0431219222b94129983b.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/ 		0
0
core.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.828/ 		0
0
browser.sg.js
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/runtime.6b3b7f8dbe56c8a58275.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-byted-tiktok-icons.3ccee5f4fe5a186bfb1b.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-rxjs.6ec4b58d87c28c3ebb5c.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/crypto-js.07060a9aa9c45c349d97.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-xgplayer.ab00b64b39ae3017476c.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-react.d81b03eae0eede3b95ac.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/tux-h5-icons.a30a685cc009644274a6.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-xg-helper.1731ab49b2fefb076dda.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-sigi.daa65d6a2a032fe7d1b2.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-async-focus-lock.7b0cc27de2564f1a2a82.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-lottie.cb3fdc850e41a2c46f7a.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-dp-byted-tea-sdk-oversea.9ab187d0e75cca16e8f5.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-byted-web-privacy-sdk.6671849aa3f85a7591d4.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/npm-d801507b.f534ab469a3d684a11fd.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/vendor.312338022820afc06868.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/webapp/main/webapp-desktop/webapp-desktop.0431219222b94129983b.js
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.828/core.js?globalName=__PNS_RUNTIME__
Domain
sf16-website-login.neutral.ttwstatic.com
URL
https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/browser.sg.js?bid=tiktok_webapp&globalName=SlardarClient

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __PNS_RUNTIME__ number| __PUMBAA_RUN_FLAG__ object| config string| slardarClient function| SlardarClient object| __LOADABLE_LOADED_CHUNKS__

5 Cookies

Domain/Path Name / Value
.tiktok.com/ Name: ttwid
Value: 1%7Ci6_Dhv6cQk5sOM9WadCFex5d49lIWnxvRGMU8So8fTg%7C1731402774%7C4b97e91f95718b256297613f21bff8fd5237e577001b4a09c4129412109e6496
.tiktok.com/ Name: tt_csrf_token
Value: 6LuFqyOW-LN0C8K6UV9vY1pgNa8D7o6bsrUI
.tiktok.com/ Name: tt_chain_token
Value: zWXeKwtxsdFicSJ7vUts9Q==
.tiktok.com/ Name: msToken
Value: 6Smlbj_GOmCJRADYl2AmvmfBymtRO-qZxOD1OGiJUmFMDWMogxrgAY8sjvsAQKdnqb7i-DnQ08mN58IE-vzoKHWueF7oO9FknxgZSxBQx5Pj1Q2URSgJ6xhy4qFP
.tiktok.com/ Name: ak_bmsc
Value: 6D4321A10BE6AAA9FCB57B42418361F2~000000000000000000000000000000~YAAQzXTBF+mX1RyTAQAAlbalHxlKKyyNtqTF+3W51NxflshqAggowmWVDTmwbwwJcC+tbK4qjc8ldaOpKK5TaQowl3IGkGJ3j8xmwfD7tuRFnRcCJ7ra0TXBAQuevTPaDpOwfFuOMIyM8zBgfAKnDGFc8tQ5Iq7gGJzmTLQ28R0T980Wyo6g0u5yFqV+zwy2tnvSCCdQMuYJ7qu6wDgSML7GrrHChFn37AH3ubBYgW7tC16UToyfrQNDUxdeS8HqOLojrTUghJadHQuc76xO0UPxDL6CZsCTd+kzJ3sdWrcZpbG1ap368d7Yumdhk3qGqM1diM88kzJ3xEEjQWQi+7jxdlHVpgShixrsvfzLqT6x0ZtVLLTuohWu1NTavQxtGBnmmZGFdZcinQ==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=482c3ff4-a766-4e0e-aa09-72298aef70dc&scene=1; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsco.re *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.co.cr *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.br *.google.com.cy *.google.com.do *.google.com.ec *.google.com.gh *.google.com.lb *.google.com.mt *.google.com.my *.google.com.ng *.google.com.pe *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.lt *.google.lu *.google.lv *.google.md *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.se *.google.si *.google.sk *.google.td *.google.tn *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block