# api.tinder007.vip — MALICIOUS > PhishDestroy identifies api.tinder007.vip as a Tinder credential theft site flagged by 8 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies the active domain api.tinder007.vip as a brand impersonation and credential theft site with elevated risk. The threat involves the impersonation of the Tinder dating platform to steal user credentials through fake login endpoints. This domain is currently operational and poses immediate danger to unsuspecting users attempting to access Tinder services via compromised channels. PhishDestroy’s investigation reveals that api.tinder007.vip is flagged by 8 of 95 VirusTotal security vendors, indicating partial detection but insufficient coverage against active threats. The domain was registered through Gname.com Pte. Ltd. on June 24, 2025, and resolves to IP address 154.220.96.198. It operates under a valid SSL certificate issued by Let’s Encrypt, enhancing its deceptive appearance. No blocklist count is publicly available at this time, but the combination of recent registration, low VT detection, and active infrastructure signals heightened risk of exploitation. The domain remains active and continues to operate with minimal detection despite its malicious intent. PhishDestroy strongly recommends immediate network-level blocking of api.tinder007.vip via DNS filtering and firewall rules. Users and organizations should verify all Tinder-related endpoints against official domains (e.g., tinder.com / api.gotinder.com) and refrain from entering credentials on third-party or unfamiliar sites. Security teams are advised to audit DNS logs for recent resolution of 154.220.96.198 and to alert users about this specific impersonation campaign. Ongoing monitoring and proactive threat hunting are essential to prevent credential compromise and downstream attacks. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-06-24 08:11:02 - Registrar: Gname.com Pte. Ltd. - IP: 154.220.96.198 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7188ba88-a092-45e3-8cf3-0a9946a11bf6 - PhishDestroy: https://phishdestroy.io/domain/api.tinder007.vip/ - LLM endpoint: https://phishdestroy.io/domain/api.tinder007.vip/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/api.tinder007.vip/ Last updated: 2026-03-22