What Is TikTok.com?
TikTok (tiktok.com) is a short video clip website owned by ByteDance (bytedance.com). TikTok users can upload videos that range from 3 seconds to 10 minutes, making it a cross between Vine (vine.co) and YouTube (youtube.com). Though owned by a Chinese company, TikTok is mostly used by non-Chinese people, and a Chinese counterpart Douyin (douyin.com), owned by the same parent company, gets the most Chinese traffic.
As of February 2023, the site tiktok.com gets an estimated 1.7 billion monthly views according to SimilarWeb. The Wayback Machine estimates tiktok.com was founded in September 2016.
Links and Profiles
Website: https://www.tiktok.com/
Is TikTok.com Safe?
I ran malware tests to find out if tiktok.com is safe and legit. Here are the results:
I checked the site tiktok.com on the online malware scanner Sucuri and it returned with no issues. You can see the same here: Sucuri scan for the site bytedance.com.
Sucuri says the site TikTok.com doesn’t have malware and is an overall low security risk. Sucuri also says that no associated security vendors have flagged the domain as malicious. A website firewall has also been detected.
Some hardening improvements can be made to the security headers:
- Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'. Affected pages:
  https://www.tiktok.com/404?fromUrl=/404javascript.js
  https://www.tiktok.com/404?fromUrl=/404testpage4525d2fdc
  https://www.tiktok.com/login?redirect_url=https://www.tiktok.com/upload&lang=en
- Missing Strict-Transport-Security security header. Affected pages:
  https://www.tiktok.com/404?fromUrl=/404javascript.js
  https://www.tiktok.com/404?fromUrl=/404testpage4525d2fdc
  https://www.tiktok.com/login?redirect_url=https://www.tiktok.com/upload&lang=en
- Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src. Affected pages:
  https://www.tiktok.com/404?fromUrl=/404javascript.js
  https://www.tiktok.com/404?fromUrl=/404testpage4525d2fdc
  https://www.tiktok.com/about/contact?lang=en
  https://www.tiktok.com/about?lang=en
  https://www.tiktok.com/login?redirect_url=https://www.tiktok.com/upload&lang=en
- The ‘unsafe-eval’ keyword in Content-Security-Policy is not recommended. Please consider fixing the JavaScript code.
However, these hardening improvements don’t impact the Sucuri grade.
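The four header findings listed above can be re-checked against any response's headers with a short script. This is an added example, not part of the original review or of Sucuri's tooling; the function names and the two sample header sets are constructed for illustration. It assumes a single Content-Security-Policy header per response and treats base-uri separately, because base-uri does not fall back to default-src the way the fetch directives do.

```python
# Added example: audit one response's headers for the findings listed above.
FETCH_FALLBACK = {"script-src", "object-src", "frame-src"}  # inherit from default-src
RECOMMENDED = ["script-src", "object-src", "base-uri", "frame-src"]

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Within one policy, the first occurrence of a directive wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers):
    """Return findings (in check order) for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    csp = parse_csp(h.get("content-security-policy", ""))
    findings = []
    # Clickjacking: either X-Frame-Options or CSP frame-ancestors is enough.
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("missing clickjacking protection")
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security")
    for directive in RECOMMENDED:
        covered = directive in csp or (
            directive in FETCH_FALLBACK and "default-src" in csp)
        if not covered:
            findings.append(f"missing CSP directive {directive}")
    if any("'unsafe-eval'" in (s.lower() for s in srcs) for srcs in csp.values()):
        findings.append("CSP allows 'unsafe-eval'")
    return findings

# Constructed sample header sets (not captured from tiktok.com).
WEAK = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-eval'",
}
HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; base-uri 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_headers(sample) or "no findings")
```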
To check this further I ran a parasite scan with Unmask Parasites on the site tiktok.com and it returned with an error and said http://tiktok.com is not a web page. You can see the same here: Unmask Parasites scan for the site tiktok.com.
To try to confirm that the site is clean, I checked the domain tiktok.com on VirusTotal and it returned with no security vendors having flagged the domain as malicious. You can see the same here: VirusTotal scan for the site tiktok.com.
In conclusion, the site tiktok.com is a low security risk and doesn’t have malware according to Sucuri. Unmask Parasites shows an error and says the URL http://tiktok.com is not a web page, which is a little bit suspicious why it would say that (it could be an error with Unmask Parasites or it could be manipulated by TikTok). And no security vendors associated with Sucuri or VirusTotal have flagged the domain tiktok.com as malicious. Overall, the site tiktok.com looks very safe, though the error related to Unmask Parasites should be further investigated.
References
1. SimilarWeb –
2. Wayback Machine –