# dflow-claim.pages.dev — MALICIOUS

> dflow-claim.pages.dev is a crypto drainer posing as a legitimate service. VirusTotal flags it with 16/95 detections.

## Summary
PhishDestroy identifies dflow-claim.pages.dev as an active crypto drainer, posing elevated risks to cryptocurrency users. This domain specializes in illicitly siphoning funds from unsuspecting victims by masquerading as a legitimate service, leveraging deceptive techniques to drain digital assets.  This domain exhibits multiple red flags across threat intelligence platforms. VirusTotal reports 16 out of 95 security vendors have flagged this domain as malicious. It is registered through Cloudflare, Inc., resolving to IP address 188.114.96.3. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy, but this does not mitigate its malicious intent. Notably, the domain appears on 2 security blocklists and is already blocked by security solutions such as Enkrypt and ScamSniffer.  To mitigate risks associated with this crypto drainer, users should avoid interacting with dflow-claim.pages.dev entirely. Block the domain and its associated IP address at the network level to prevent accidental access. Additionally, ensure your cryptocurrency wallets and transactions are monitored closely for any unauthorized activity. If you have already interacted with this domain, revoke any connected wallet permissions immediately and transfer remaining assets to a secure, offline wallet. Exercise heightened caution with domains hosted on free or dynamic services like pages.dev, as these are frequently exploited for malicious campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/45068baf-bc20-470b-adb9-0e127c9109d7
- PhishDestroy: https://phishdestroy.io/domain/dflow-claim.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dflow-claim.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dflow-claim.pages.dev/
Last updated: 2026-04-12