# migrate-waronusd1.live — SUSPICIOUS

> migrate-waronusd1.live is a brand impersonation scam targeting WarOnUSD1 users. This domain, flagged by 1/95 security vendors, resolves to 188.114.96.

## Summary
PhishDestroy identifies migrate-waronusd1.live as an active brand impersonation domain targeting WarOnUSD1 users. The domain employs a deceptive naming strategy to mimic the legitimate WarOnUSD1 brand, likely hosting a fraudulent website designed to harvest cryptocurrency or payment credentials. No evidence of a drainer kit or advanced malware infrastructure is currently associated with this domain, suggesting it operates primarily as a credential phishing or social engineering trap.  This domain was flagged by VirusTotal with a detection ratio of 1 out of 95 security vendors. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often associated with bulk domain registrations that facilitate malicious activities. The domain resolves to the IP address 188.114.96.3, a known hosting provider linked to multiple fraudulent sites. The domain was created on March 13, 2026, which is unusually recent for a legitimate entity, and it employs a Let's Encrypt SSL certificate to appear trustworthy. Google Safe Browsing (GSB) lists it as unsafe, and it has been identified on 1 known blocklist, indicating emerging but confirmed malicious activity.  As of now, migrate-waronusd1.live remains active and poses an elevated risk to users who may encounter it through phishing emails, social media, or fraudulent advertisements. Immediate actions include blocking the domain at the network level and flagging it in threat intelligence platforms for broader dissemination. While the current risk is elevated due to its freshness and impersonation tactics, the lack of historical data and the low VirusTotal detection ratio suggest this campaign may still be in early stages. Users should exercise extreme caution, verify URLs before interactions, and report any encounters to cybersecurity authorities for further analysis. Remaining risk is moderate but could escalate if the domain gains traction in malicious campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: WarOnUSD1

## Domain Intelligence
- Registered: 2026-03-13 23:44:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/85cbc5f2-0674-4205-8bed-ecd6d4a1879a
- PhishDestroy: https://phishdestroy.io/domain/migrate-waronusd1.live/
- LLM endpoint: https://phishdestroy.io/domain/migrate-waronusd1.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/migrate-waronusd1.live/
Last updated: 2026-03-20