# downaldrewards.pages.dev — SUSPICIOUS

> downaldrewards.pages.dev mimics a rewards program to steal crypto via a fake login portal. This domain is flagged for active phishing and resolves to.

## Summary

PhishDestroy identifies downaldrewards.pages.dev as an active generic phishing domain designed to deceive users by impersonating a legitimate rewards platform. The site employs spoofed branding and a convincing login interface to harvest credentials and cryptocurrency wallet details. Unlike targeted phishing campaigns, this threat is opportunistic, relying on broad distribution via social engineering and malicious ads. The domain leverages Cloudflare’s infrastructure to obfuscate its origin, but its infrastructure is consistent with known drainer-as-a-service toolkits that automate credential and wallet theft.

This domain is actively hosted on Cloudflare (IP 172.66.46.228) and registered through Cloudflare, Inc., with a valid Let’s Encrypt SSL certificate. VirusTotal currently shows 0/95 detections, indicating it has not yet been widely flagged by antivirus engines. The domain is a subdomain under pages.dev, a platform commonly abused for phishing due to its free hosting and rapid deployment capabilities. No specific creation date is publicly available, but its recent registration and active status suggest it was established recently. Google Safe Browsing (GSB) has not yet marked it as malicious, and it remains unlisted across major blocklists, presenting a high risk due to its undetected status.

As of the latest assessment, downaldrewards.pages.dev remains active and unresolved, with no immediate takedown actions observed. Users should avoid accessing the domain entirely, as it poses an imminent risk of credential theft and cryptocurrency drain. Security researchers are urged to report the domain to Cloudflare abuse channels and contribute detection signatures to VirusTotal.

The remaining risk is high due to its current lack of detection flags and reliance on Cloudflare’s anonymizing infrastructure. Users who have interacted with this site should revoke any exposed credentials, transfer funds from affected wallets, and scan their devices for malware. Immediate browser isolation and network-level blocking are recommended for organizations.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.228

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7da2010f-1aaa-424f-8407-b95fa909350a
- PhishDestroy: https://phishdestroy.io/domain/downaldrewards.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/downaldrewards.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/downaldrewards.pages.dev/

Last updated: 2026-03-28