# tiktokdl.pages.dev — SUSPICIOUS

> tiktokdl.pages.dev is an active crypto drainer mimicking TikTok - 0/95 VirusTotal detections. Verify legitimacy via PhishDestroy before interacting with any.

## Summary
PhishDestroy identifies tiktokdl.pages.dev as an active crypto drainer impersonating TikTok, currently under investigation with a risk level flagged as active.

This domain was flagged by PhishDestroy's automated threat detection system on seed 403f5f. The infrastructure analysis reveals registration through Cloudflare, Inc. with a valid SSL certificate issued by Google Trust Services. The domain resolves to IP address 172.66.46.250, which currently shows 0 detections out of 95 VirusTotal scans. While the domain's creation date remains unverified in public records, the combination of Cloudflare registration, Google-issued SSL, and current lack of detection suggests either recent deployment or sophisticated evasion tactics. No blocklists have flagged this domain as of the latest scan cycle.

The threat assessment indicates this is a crypto drainer designed to steal cryptocurrency assets through fake TikTok service impersonation. Victims are likely tricked through social media or messaging platforms into visiting the domain, where malicious scripts would drain connected wallets. Given the 0/95 VirusTotal detection rate and legitimate-looking infrastructure, this represents a high-risk threat that could escalate rapidly. Users should immediately cease any interaction with this domain and verify all TikTok-related download links through PhishDestroy's verification system before proceeding. Blocking the IP 172.66.46.250 at the network perimeter is recommended as a temporary mitigation while this investigation continues.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.250

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/47928c89-d4d5-4128-a438-db9d81252259
- PhishDestroy: https://phishdestroy.io/domain/tiktokdl.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tiktokdl.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tiktokdl.pages.dev/
Last updated: 2026-04-01