# dflow-rewards.pages.dev — SUSPICIOUS

> dflow-rewards.pages.dev is a social engineered phishing site flagged by Google Safe Browsing. Resolves to IP 188.114.97.3.

## Summary
PhishDestroy identifies dflow-rewards.pages.dev as an active social engineered phishing domain under investigation with a status of active. The domain is currently impersonating a rewards platform, targeting unsuspecting users via deceptive incentives.  

This domain was flagged by Google Safe Browsing for SOCIAL_ENGINEERING tactics, indicating an active attempt to lure users into fraudulent interactions. VirusTotal registered 0 detections out of 95 security vendors at the time of analysis, demonstrating low immediate detection despite malicious behavior. The domain is registered through Cloudflare, Inc., resolves to IP address 188.114.97.3, and has been blocked by Enkrypt and ScamSniffer. Security telemetry shows this domain has appeared on 2 active blocklists, while holding a valid SSL certificate issued by Google Trust Services. Despite its cloudfront-backed Page.dev subdomain, behavioral analysis confirms red flags consistent with phishing campaigns.  

The current status of this domain remains active and under investigation, with no formal takedown recorded at this time. Users should treat this domain with extreme caution, avoid entering any credentials, cryptocurrency wallet connections, or personal information. Block this domain at DNS and network levels, report to security platforms, and share intelligence via Threat Intelligence feeds. Organizations are advised to update firewall rules and browser blocklists immediately to prevent endpoint compromise. As this is a socially engineered phishing vector, heightened user awareness training is strongly recommended to mitigate brand abuse and financial theft risks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/645ae939-629b-497d-a2ed-bdecd67f44b7
- PhishDestroy: https://phishdestroy.io/domain/dflow-rewards.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/dflow-rewards.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dflow-rewards.pages.dev/
Last updated: 2026-04-11