# chibi-reward.pages.dev — SUSPICIOUS

> chibi-reward.pages.dev hosts a cryptocurrency drainer kit mimicking reward platforms. Blocked by ScamSniffer, it resolves to 172.66.47.

## Summary
PhishDestroy identifies chibi-reward.pages.dev as an active cryptocurrency drainer posing as a reward platform. This domain employs malicious JavaScript to siphon funds from unsuspecting victims' wallets, targeting users familiar with reward-based ecosystems. The infrastructure leverages Cloudflare Pages to host a deceptive interface, likely impersonating legitimate reward programs to establish trust before triggering wallet-draining mechanisms. No specific brand impersonation has been confirmed yet, but the drainer kit appears to be a generic variant commonly distributed via social engineering campaigns.  

This domain resolves to IP address 172.66.47.26 and is registered through Cloudflare, Inc. VirusTotal currently shows 0 detections out of 95 scanners, indicating it remains under the radar for most antivirus solutions. The domain is currently flagged on 1 security blocklist and is blocked by ScamSniffer. The SSL certificate, issued by Let's Encrypt, provides a false sense of security, while the use of Cloudflare's infrastructure further complicates takedown efforts. The domain's rapid deployment via Cloudflare Pages suggests an opportunistic approach to phishing, where threat actors exploit legitimate hosting services to evade detection.  

As of the latest assessment, chibi-reward.pages.dev remains active, with no signs of immediate takedown. The domain's low detection rate on VirusTotal and limited blocklist presence indicate a window of opportunity for threat actors to continue operations undetected. Users are strongly advised to avoid interacting with this domain and to report any encounters to their security teams. Organizations should consider blocking the domain at the network level and monitoring for related infrastructure. The remaining risk is moderate, given the domain's active status and the potential for further propagation via social engineering tactics. Immediate action is recommended to prevent potential financial losses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.26

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/91b43275-f3cc-4965-aac3-fbce44290d8f
- PhishDestroy: https://phishdestroy.io/domain/chibi-reward.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/chibi-reward.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/chibi-reward.pages.dev/
Last updated: 2026-03-27