# migrate-waronvsd1.live — SUSPICIOUS > PhishDestroy identifies migrate-waronvsd1.live as a Warzone account migration phishing lure. Check the full report to see detection stats and technical. ## Summary PhishDestroy identifies migrate-waronvsd1.live as an active fake account‐migration phishing domain posing as “Warzone Migration Tool.” Current risk level is under investigation; however, the lure is already circulating among gaming communities and poses a real credential‐theft threat. The domain leverages urgency (“migration required”) to trick players into surrendering Activision or Call-of-Duty credentials. This is not generic phishing—it is a targeted gaming-account takeover campaign. Users entering credentials on the fraudulent page will immediately lose control of their accounts and any purchased skins or battle passes. This domain was flagged by PhishDestroy on seed 9a2473. It resolves to IPv4 address 104.21.11.29 and currently serves a Let’s Encrypt SSL certificate, giving it a superficial appearance of legitimacy. VirusTotal shows zero detections out of 95 engines as of the last scan, indicating the payload remains largely undetected by antivirus stacks. The domain was created on March 14, 2026—less than 48 hours ago—through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for high-volume, low-friction registrations that are often abused for short-lived phishing lures. No blocklist entries or trust scores are publicly available yet, reflecting its infancy and the lag in threat-intel pipelines. Despite the lack of current detections, the combination of fresh registration, low domain age, and direct targeting of a high-value gaming asset class elevates the threat to critical for individual players and reputable gaming platforms alike. Immediate mitigation is required. Players should avoid clicking any links promising “Warzone account migration” and should never enter credentials on unsolicited pages. Use two-factor authentication wherever possible and treat any unsolicited DMs or emails referencing account migration as hostile. Gaming platforms should add migrate-waronvsd1.live to DNS blocklists and monitor for newly registered variants. Security teams should investigate the Let’s Encrypt certificate serial and issuing CA for possible abuse patterns. Users who may have already entered credentials should perform a full password reset, revoke OAuth tokens, and report the compromise to the game publisher immediately to reclaim their accounts and prevent further abuse. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-14 00:25:14 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.11.29 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9e89cc12-34c3-42c3-8915-00bc0b68aa39 - PhishDestroy: https://phishdestroy.io/domain/migrate-waronvsd1.live/ - LLM endpoint: https://phishdestroy.io/domain/migrate-waronvsd1.live/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/migrate-waronvsd1.live/ Last updated: 2026-03-23