https://www.tiktok.com/@kn_89ka/live?enter_from_merge=pc_share&enter_method=pc_share&is_from_webapp=1&sender_device=pc
23.215.0.239 · Akamai Technologies, Inc.
Ashburn, United States
10885 days
200 · 39.8s
Valid · RapidSSL TLS ECC CA G1, DigiCert Inc, US
COMPLETED
Domain Intelligence: tiktok.com
Scanned 4 times since Mar 24, 2026, 10:51 PM UTC
Registered-domain escalation
Submit tiktok.com as the primary IOC, enriched with evidence from hostile subdomains like www.tiktok.com.
No KB/IOK detections were recorded for this scan.
Social Media · 6/3/2026
The page appears to be a TikTok Live URL (www.tiktok.com) showing a live stream with typical TikTok branding. The screenshot and page title indicate a legitimate TikTok Live experience, and the host username is displayed on the official TikTok live route. No explicit credential harvesting or impersonation signals are evident from the provided data alone. However, the presence of numerous external analytics/telemetry endpoints and third-party scripts in the HTML could be used for data collection by the platform itself, which is common for first-party services. The risk signals include a high count of external scripts and several cross-domain network requests observed in the capture, but these appear to be standard for a large social media platform rather than evidence of phishing impersonation.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 179
Hosts: 16
Domains: 5
Suspicious Endpoints
Off-Domain Posts
hxxps://www[.]tiktokw[.]us/api/global-footer/graphql
The scan data shows this is a TikTok Live page on the official domain with typical first-party telemetry and CDN usage. There is no evidence of credential harvesting, impersonation of a different brand, or malicious content that would indicate phishing. The presence of many external requests and potential data collection calls warrants monitoring for privacy impact, but it does not constitute a phishing abuse case or credential theft at this time.
Monitor