# migratefun-m.pages.dev — SUSPICIOUS

> Critical alert: migratefun-m.pages.dev hosts active cryptocurrency wallet drainers. VT score 1/95. Check the full report.

## Summary
PhishDestroy identifies active cryptocurrency wallet drainers hosted at migratefun-m.pages.dev, a Cloudflare Pages domain impersonating legitimate crypto wallet services to steal digital assets. This domain leverages a sophisticated drainer kit designed to trick users into connecting wallets and approving fraudulent transactions, resulting in direct asset theft. The campaign is operational and poses an elevated risk to cryptocurrency users engaging with untrusted links or websites.


This domain was flagged by only 1 out of 95 VirusTotal security vendors. It is registered through Cloudflare, Inc., resolves to IP 188.114.96.3, and uses a Let's Encrypt SSL certificate. As of current telemetry, the domain remains unblocked by Google Safe Browsing and has not been widely listed on major threat intelligence blocklists. The domain is part of the Cloudflare Pages platform, which provides rapid deployment and hosting capabilities that threat actors exploit to launch short-lived phishing and drainer campaigns with minimal overhead.


The campaign remains ACTIVE as of seed 7b5753, with no public takedown or blocklist mitigation observed. Immediate response actions include blocking the domain at network and DNS levels, flagging the associated IP (188.114.96.3) in perimeter defenses, and disabling Cloudflare Pages deployments from unknown or untrusted sources. Remaining risk is elevated due to the domain's current availability, low detection rate, and the targeting of high-value cryptocurrency users. Users are advised to avoid interacting with unsolicited links, verify domain legitimacy via official sources, and enable wallet-level transaction approvals to mitigate unauthorized transfers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1ee7c4fc-f97b-4dbe-8b99-4b9ce34560b0
- PhishDestroy: https://phishdestroy.io/domain/migratefun-m.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/migratefun-m.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/migratefun-m.pages.dev/
Last updated: 2026-04-13